From 14f56444cd87ecd0f7e42d969ab7fe1845e9a292 Mon Sep 17 00:00:00 2001 From: sebhoss Date: Fri, 23 Aug 2024 10:06:36 +0000 Subject: [PATCH] Update upstream specifications to their latest version --- .../v1beta1/postgresclusters.yaml | 9 + .../kuadrant.io/v1alpha1/dnsrecords.yaml | 32 +- .../v1/integrationplatforms.yaml | 4 +- .../v1beta1/flinkdeployments.yaml | 220 ++ .../v1alpha1/componentdefinitions.yaml | 168 +- .../argoproj.io/v1alpha1/applications.yaml | 74 +- .../argoproj.io/v1alpha1/applicationsets.yaml | 45 + .../argoproj.io/v1alpha1/appprojects.yaml | 16 +- .../karpenter.k8s.aws/v1/ec2nodeclasses.yaml | 14 +- .../v1beta1/ec2nodeclasses.yaml | 14 +- .../karpenter.sh/v1/nodeclaims.yaml | 6 +- .../karpenter.sh/v1/nodepools.yaml | 6 +- .../karpenter.sh/v1beta1/nodeclaims.yaml | 4 +- .../karpenter.sh/v1beta1/nodepools.yaml | 4 +- .../acme.cert-manager.io/v1/challenges.yaml | 58 +- .../v1/certificaterequests.yaml | 12 +- .../cert-manager.io/v1/certificates.yaml | 42 +- .../cert-manager.io/v1/clusterissuers.yaml | 58 +- .../cert-manager.io/v1/issuers.yaml | 58 +- .../v1alpha1/datastores.yaml | 2 +- .../v1alpha1/tenantcontrolplanes.yaml | 199 +- .../postgresql.cnpg.io/v1/clusters.yaml | 3 + .../v2/couchbaseautoscalers.yaml | 14 +- .../v2/couchbasebackuprestores.yaml | 102 +- .../couchbase.com/v2/couchbasebackups.yaml | 108 +- .../couchbase.com/v2/couchbasebuckets.yaml | 63 +- .../couchbase.com/v2/couchbaseclusters.yaml | 1281 ++++--- .../v2/couchbasecollectiongroups.yaml | 16 +- .../v2/couchbasecollections.yaml | 14 +- .../v2/couchbaseephemeralbuckets.yaml | 59 +- .../couchbase.com/v2/couchbasegroups.yaml | 66 +- .../v2/couchbasememcachedbuckets.yaml | 18 +- .../v2/couchbasemigrationreplications.yaml | 22 +- .../v2/couchbasereplications.yaml | 32 +- .../v2/couchbaserolebindings.yaml | 10 +- .../v2/couchbasescopegroups.yaml | 37 +- .../couchbase.com/v2/couchbasescopes.yaml | 37 +- .../couchbase.com/v2/couchbaseusers.yaml | 8 +- .../v1/compositionrevisions.yaml | 11 +- .../v1/compositions.yaml | 8 +- .../v1beta1/compositionrevisions.yaml | 11 +- .../org.eclipse.che/v2/checlusters.yaml | 5 + .../v1alpha1/clustersecretstores.yaml | 2 +- .../v1alpha1/externalsecrets.yaml | 4 +- .../v1alpha1/secretstores.yaml | 2 +- .../v1beta1/clusterexternalsecrets.yaml | 4 +- .../v1beta1/clustersecretstores.yaml | 25 +- .../v1beta1/externalsecrets.yaml | 6 +- .../v1beta1/secretstores.yaml | 25 +- .../canaries.flanksource.com/v1/canaries.yaml | 12 + .../v1alpha2/clusterfilters.yaml | 69 + .../v1alpha2/clusteroutputs.yaml | 6 + .../fluentbit.fluent.io/v1alpha2/filters.yaml | 69 + .../fluentbit.fluent.io/v1alpha2/outputs.yaml | 6 + .../v1alpha1/alluxioruntimes.yaml | 1 - .../data.fluid.io/v1alpha1/thinruntimes.yaml | 1 - .../v1beta2/buckets.yaml | 31 +- .../v1beta1/grafanas.yaml | 21 + .../v5/teleportroles.yaml | 4 + .../v6/teleportroles.yaml | 4 + .../v1/workloadgroups.yaml | 2 - .../v1alpha3/workloadgroups.yaml | 2 - .../v1beta1/workloadgroups.yaml | 2 - .../v1/grpcroutes.yaml | 10 +- .../v1/httproutes.yaml | 10 +- .../v1alpha2/grpcroutes.yaml | 10 +- .../v1alpha2/tcproutes.yaml | 11 +- .../v1alpha2/tlsroutes.yaml | 11 +- .../v1alpha2/udproutes.yaml | 11 +- .../v1beta1/httproutes.yaml | 10 +- .../kuma.io/v1alpha1/circuitbreakers.yaml | 2 +- .../kuma.io/v1alpha1/containerpatches.yaml | 2 +- .../kuma.io/v1alpha1/dataplaneinsights.yaml | 2 +- .../kuma/kuma.io/v1alpha1/dataplanes.yaml | 2 +- .../kuma.io/v1alpha1/externalservices.yaml | 2 +- .../kuma.io/v1alpha1/faultinjections.yaml | 2 +- .../kuma/kuma.io/v1alpha1/healthchecks.yaml | 2 +- .../kuma/kuma.io/v1alpha1/meshaccesslogs.yaml | 2 +- .../kuma.io/v1alpha1/meshcircuitbreakers.yaml | 2 +- .../kumahq/kuma/kuma.io/v1alpha1/meshes.yaml | 2 +- .../kuma.io/v1alpha1/meshfaultinjections.yaml | 2 +- .../kuma.io/v1alpha1/meshgatewayconfigs.yaml | 7 +- .../v1alpha1/meshgatewayinstances.yaml | 15 +- .../kuma.io/v1alpha1/meshgatewayroutes.yaml | 2 +- .../kuma/kuma.io/v1alpha1/meshgateways.yaml | 2 +- .../kuma.io/v1alpha1/meshhealthchecks.yaml | 2 +- .../kuma/kuma.io/v1alpha1/meshhttproutes.yaml | 6 +- .../kuma/kuma.io/v1alpha1/meshinsights.yaml | 2 +- .../v1alpha1/meshloadbalancingstrategies.yaml | 2 +- .../kuma.io/v1alpha1/meshproxypatches.yaml | 12 +- .../kuma/kuma.io/v1alpha1/meshratelimits.yaml | 2 +- .../kuma/kuma.io/v1alpha1/meshretries.yaml | 2 +- .../kuma/kuma.io/v1alpha1/meshtcproutes.yaml | 2 +- .../kuma/kuma.io/v1alpha1/meshtimeouts.yaml | 2 +- .../kuma/kuma.io/v1alpha1/meshtraces.yaml | 2 +- .../v1alpha1/meshtrafficpermissions.yaml | 2 +- .../kuma/kuma.io/v1alpha1/proxytemplates.yaml | 2 +- .../kuma/kuma.io/v1alpha1/ratelimits.yaml | 2 +- .../kumahq/kuma/kuma.io/v1alpha1/retries.yaml | 2 +- .../kuma.io/v1alpha1/serviceinsights.yaml | 2 +- .../kuma/kuma.io/v1alpha1/timeouts.yaml | 2 +- .../kuma/kuma.io/v1alpha1/trafficlogs.yaml | 2 +- .../kuma.io/v1alpha1/trafficpermissions.yaml | 2 +- .../kuma/kuma.io/v1alpha1/trafficroutes.yaml | 2 +- .../kuma/kuma.io/v1alpha1/traffictraces.yaml | 2 +- .../kuma.io/v1alpha1/virtualoutbounds.yaml | 2 +- .../kuma/kuma.io/v1alpha1/zoneegresses.yaml | 2 +- .../kuma.io/v1alpha1/zoneegressinsights.yaml | 2 +- .../kuma/kuma.io/v1alpha1/zoneingresses.yaml | 2 +- .../kuma.io/v1alpha1/zoneingressinsights.yaml | 2 +- .../kuma/kuma.io/v1alpha1/zoneinsights.yaml | 2 +- .../kumahq/kuma/kuma.io/v1alpha1/zones.yaml | 2 +- .../kyverno.io/v1/clusterpolicies.yaml | 3394 ++++++++++------- .../kyverno/kyverno.io/v1/policies.yaml | 3394 ++++++++++------- .../v2alpha1/globalcontextentries.yaml | 5 + .../kyverno.io/v2beta1/clusterpolicies.yaml | 2292 ++++++----- .../kyverno/kyverno.io/v2beta1/policies.yaml | 2292 ++++++----- .../k8s.mariadb.com/v1alpha1/backups.yaml | 118 +- .../k8s.mariadb.com/v1alpha1/connections.yaml | 12 +- .../k8s.mariadb.com/v1alpha1/databases.yaml | 14 +- .../k8s.mariadb.com/v1alpha1/grants.yaml | 14 +- .../k8s.mariadb.com/v1alpha1/mariadbs.yaml | 804 ++-- .../k8s.mariadb.com/v1alpha1/maxscales.yaml | 372 +- .../k8s.mariadb.com/v1alpha1/restores.yaml | 118 +- .../k8s.mariadb.com/v1alpha1/sqljobs.yaml | 50 +- .../k8s.mariadb.com/v1alpha1/users.yaml | 71 +- .../mutations.gatekeeper.sh/v1/assign.yaml | 4 + .../v1/assignmetadata.yaml | 4 + .../mutations.gatekeeper.sh/v1/modifyset.yaml | 4 + .../v1alpha1/assign.yaml | 4 + .../v1alpha1/assignimage.yaml | 4 + .../v1alpha1/assignmetadata.yaml | 4 + .../v1alpha1/modifyset.yaml | 4 + .../v1beta1/assign.yaml | 4 + .../v1beta1/assignmetadata.yaml | 4 + .../v1beta1/modifyset.yaml | 4 + .../v1alpha1/instrumentations.yaml | 16 +- .../v1alpha1/opampbridges.yaml | 21 +- .../v1alpha1/opentelemetrycollectors.yaml | 38 +- .../v1beta1/opentelemetrycollectors.yaml | 36 +- .../v1alpha1/perconaservermysqlbackups.yaml | 6 +- .../v1alpha1/perconaservermysqlrestores.yaml | 6 +- .../v1alpha1/perconaservermysqls.yaml | 74 +- .../crd.projectcalico.org/v1/bgpfilters.yaml | 52 + .../v1/globalnetworkpolicies.yaml | 5 +- .../v1/networkpolicies.yaml | 5 +- .../crd.projectcalico.org/v1/tiers.yaml | 43 + .../v1/alertmanagers.yaml | 268 +- .../monitoring.coreos.com/v1/podmonitors.yaml | 120 +- .../monitoring.coreos.com/v1/probes.yaml | 90 +- .../v1/prometheuses.yaml | 675 ++-- .../v1/prometheusrules.yaml | 4 +- .../v1/servicemonitors.yaml | 120 +- .../v1/thanosrulers.yaml | 222 +- .../v1alpha1/alertmanagerconfigs.yaml | 680 ++-- .../v1alpha1/prometheusagents.yaml | 484 +-- .../v1alpha1/scrapeconfigs.yaml | 899 ++--- .../v1beta1/alertmanagerconfigs.yaml | 636 +-- .../v1/cephblockpoolradosnamespaces.yaml | 2 +- .../rook/ceph.rook.io/v1/cephblockpools.yaml | 2 +- .../v1/cephbucketnotifications.yaml | 2 +- .../ceph.rook.io/v1/cephbuckettopics.yaml | 2 +- .../rook/ceph.rook.io/v1/cephclients.yaml | 2 +- .../rook/ceph.rook.io/v1/cephclusters.yaml | 46 +- .../rook/ceph.rook.io/v1/cephcosidrivers.yaml | 7 +- .../v1/cephfilesystemmirrors.yaml | 7 +- .../rook/ceph.rook.io/v1/cephfilesystems.yaml | 13 +- .../v1/cephfilesystemsubvolumegroups.yaml | 2 +- .../rook/rook/ceph.rook.io/v1/cephnfses.yaml | 17 +- .../ceph.rook.io/v1/cephobjectrealms.yaml | 2 +- .../ceph.rook.io/v1/cephobjectstores.yaml | 13 +- .../ceph.rook.io/v1/cephobjectstoreusers.yaml | 2 +- .../ceph.rook.io/v1/cephobjectzonegroups.yaml | 2 +- .../rook/ceph.rook.io/v1/cephobjectzones.yaml | 4 +- .../rook/ceph.rook.io/v1/cephrbdmirrors.yaml | 7 +- .../v1/scyllaclusters.yaml | 2 +- .../gloo/gloo.solo.io/v1/settings.yaml | 3 + .../wildfly.org/v1alpha1/wildflyservers.yaml | 6 +- .../v1/operatorconfigurations.yaml | 5 +- .../acid.zalan.do/v1/postgresqls.yaml | 2 +- .../src/acme_cert_manager_io/v1/challenges.rs | 63 +- .../v1alpha1/componentdefinitions.rs | 568 ++- .../src/argoproj_io/v1alpha1/applications.rs | 124 +- .../src/argoproj_io/v1alpha1/appprojects.rs | 15 +- .../src/ceph_rook_io/v1/cephcosidrivers.rs | 7 +- .../ceph_rook_io/v1/cephfilesystemmirrors.rs | 7 +- .../src/ceph_rook_io/v1/cephfilesystems.rs | 9 +- .../src/ceph_rook_io/v1/cephnfses.rs | 19 +- .../src/ceph_rook_io/v1/cephobjectstores.rs | 9 +- .../src/ceph_rook_io/v1/cephobjectzones.rs | 1 - .../src/ceph_rook_io/v1/cephrbdmirrors.rs | 7 +- .../cert_manager_io/v1/certificaterequests.rs | 7 - .../src/cert_manager_io/v1/certificates.rs | 26 - .../src/cert_manager_io/v1/clusterissuers.rs | 63 +- .../src/cert_manager_io/v1/issuers.rs | 63 +- .../couchbase_com/v2/couchbaseautoscalers.rs | 6 +- .../v2/couchbasebackuprestores.rs | 190 +- .../src/couchbase_com/v2/couchbasebackups.rs | 208 +- .../src/couchbase_com/v2/couchbasebuckets.rs | 158 +- .../src/couchbase_com/v2/couchbaseclusters.rs | 3344 +++++++++++++--- .../v2/couchbasecollectiongroups.rs | 18 +- .../couchbase_com/v2/couchbasecollections.rs | 19 +- .../v2/couchbaseephemeralbuckets.rs | 143 +- .../src/couchbase_com/v2/couchbasegroups.rs | 132 +- .../v2/couchbasememcachedbuckets.rs | 17 +- .../v2/couchbasemigrationreplications.rs | 25 +- .../couchbase_com/v2/couchbasereplications.rs | 61 +- .../couchbase_com/v2/couchbaserolebindings.rs | 3 +- .../couchbase_com/v2/couchbasescopegroups.rs | 67 +- .../src/couchbase_com/v2/couchbasescopes.rs | 76 +- .../crd_projectcalico_org/v1/bgpfilters.rs | 40 + .../src/crd_projectcalico_org/v1/mod.rs | 1 + .../src/crd_projectcalico_org/v1/tiers.rs | 23 + .../v1alpha1/externalsecrets.rs | 2 - .../v1beta1/clusterexternalsecrets.rs | 2 - .../v1beta1/clustersecretstores.rs | 31 +- .../v1beta1/externalsecrets.rs | 4 - .../v1beta1/secretstores.rs | 31 +- .../v1beta1/flinkdeployments.rs | 266 ++ .../v1alpha2/clusterfilters.rs | 66 + .../v1alpha2/clusteroutputs.rs | 6 + .../fluentbit_fluent_io/v1alpha2/filters.rs | 66 + .../fluentbit_fluent_io/v1alpha2/outputs.rs | 6 + .../v1/grpcroutes.rs | 10 + .../v1/httproutes.rs | 10 + .../v1alpha2/grpcroutes.rs | 10 + .../v1alpha2/tcproutes.rs | 9 + .../v1alpha2/tlsroutes.rs | 9 + .../v1alpha2/udproutes.rs | 9 + .../v1beta1/httproutes.rs | 10 + .../src/k8s_mariadb_com/v1alpha1/backups.rs | 173 +- .../k8s_mariadb_com/v1alpha1/connections.rs | 4 - .../src/k8s_mariadb_com/v1alpha1/databases.rs | 11 +- .../src/k8s_mariadb_com/v1alpha1/grants.rs | 11 +- .../src/k8s_mariadb_com/v1alpha1/mariadbs.rs | 1069 +++--- .../src/k8s_mariadb_com/v1alpha1/maxscales.rs | 474 +-- .../src/k8s_mariadb_com/v1alpha1/restores.rs | 173 +- .../src/k8s_mariadb_com/v1alpha1/sqljobs.rs | 59 +- .../src/k8s_mariadb_com/v1alpha1/users.rs | 87 +- .../v1alpha1/tenantcontrolplanes.rs | 248 +- .../karpenter_k8s_aws/v1/ec2nodeclasses.rs | 23 - .../v1beta1/ec2nodeclasses.rs | 23 - .../src/karpenter_sh/v1/nodeclaims.rs | 4 - .../src/karpenter_sh/v1/nodepools.rs | 4 - .../src/kuadrant_io/v1alpha1/dnsrecords.rs | 37 +- .../kuma_io/v1alpha1/meshgatewayconfigs.rs | 7 +- .../kuma_io/v1alpha1/meshgatewayinstances.rs | 12 +- .../src/kuma_io/v1alpha1/meshhttproutes.rs | 7 +- .../src/kuma_io/v1alpha1/meshproxypatches.rs | 10 - .../src/kyverno_io/v1/clusterpolicies.rs | 1066 +++++- .../src/kyverno_io/v1/policies.rs | 1066 +++++- .../v2alpha1/globalcontextentries.rs | 3 + .../src/kyverno_io/v2beta1/clusterpolicies.rs | 768 +++- .../src/kyverno_io/v2beta1/policies.rs | 768 +++- kube-custom-resources-rs/src/lib.rs | 1 + .../monitoring_coreos_com/v1/alertmanagers.rs | 318 +- .../monitoring_coreos_com/v1/podmonitors.rs | 96 - .../src/monitoring_coreos_com/v1/probes.rs | 72 - .../monitoring_coreos_com/v1/prometheuses.rs | 703 +--- .../v1/servicemonitors.rs | 96 - .../monitoring_coreos_com/v1/thanosrulers.rs | 279 +- .../v1alpha1/alertmanagerconfigs.rs | 594 +-- .../v1alpha1/prometheusagents.rs | 521 +-- .../v1alpha1/scrapeconfigs.rs | 743 +--- .../v1beta1/alertmanagerconfigs.rs | 550 +-- .../v1alpha1/instrumentations.rs | 14 + .../opentelemetry_io/v1alpha1/opampbridges.rs | 14 + .../v1alpha1/opentelemetrycollectors.rs | 32 +- .../v1beta1/opentelemetrycollectors.rs | 29 +- .../src/org_eclipse_che/v2/checlusters.rs | 5 + .../v1beta1/postgresclusters.rs | 11 + .../v1alpha1/perconaservermysqlbackups.rs | 4 + .../v1alpha1/perconaservermysqlrestores.rs | 4 + .../v1alpha1/perconaservermysqls.rs | 52 +- .../scylla_scylladb_com/v1/scyllaclusters.rs | 2 +- .../v1beta2/buckets.rs | 64 +- .../wildfly_org/v1alpha1/wildflyservers.rs | 6 +- 277 files changed, 22541 insertions(+), 14939 deletions(-) create mode 100644 crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/tiers.yaml create mode 100644 kube-custom-resources-rs/src/crd_projectcalico_org/v1/tiers.rs diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml index 515db15a3..d15f9beaf 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml @@ -2577,6 +2577,15 @@ spec: required: - "repos" type: "object" + snapshots: + description: "VolumeSnapshot configuration" + properties: + volumeSnapshotClassName: + description: "Name of the VolumeSnapshotClass that should be used by VolumeSnapshots" + type: "string" + required: + - "volumeSnapshotClassName" + type: "object" required: - "pgbackrest" type: "object" diff --git a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml index 7c1034bd1..e67c08fbe 100644 --- a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml +++ b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml @@ -102,15 +102,6 @@ spec: - message: "Only HTTP or HTTPS protocols are allowed" rule: "self in ['HTTP','HTTPS']" type: "object" - managedZone: - description: "managedZone is a reference to a ManagedZone instance to which this record will publish its endpoints." - properties: - name: - description: "`name` is the name of the managed zone.\nRequired" - type: "string" - required: - - "name" - type: "object" ownerID: description: "ownerID is a unique string used to identify the owner of this record.\nIf unset or set to an empty string the record UID will be used." maxLength: 36 @@ -119,6 +110,15 @@ spec: x-kubernetes-validations: - message: "OwnerID is immutable" rule: "self == oldSelf" + providerRef: + description: "providerRef is a reference to a provider secret." + properties: + name: + minLength: 1 + type: "string" + required: + - "name" + type: "object" rootHost: description: "rootHost is the single root for all endpoints in a DNSRecord.\nit is expected all defined endpoints are children of or equal to this rootHost\nMust contain at least two groups of valid URL characters separated by a \".\"" maxLength: 255 @@ -126,7 +126,7 @@ spec: pattern: "^(?:[\\w\\-.~:\\/?#[\\]@!$&'()*+,;=]+)\\.(?:[\\w\\-.~:\\/?#[\\]@!$&'()*+,;=]+)$" type: "string" required: - - "managedZone" + - "providerRef" - "rootHost" type: "object" x-kubernetes-validations: @@ -138,7 +138,7 @@ spec: description: "DNSRecordStatus defines the observed state of DNSRecord" properties: conditions: - description: "conditions are any conditions associated with the record in the managed zone.\n\n\nIf publishing the record fails, the \"Failed\" condition will be set with a\nreason and message describing the cause of the failure." + description: "conditions are any conditions associated with the record in the dns provider.\n\n\nIf publishing the record fails, the \"Failed\" condition will be set with a\nreason and message describing the cause of the failure." items: description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: @@ -187,7 +187,7 @@ spec: type: "string" type: "array" endpoints: - description: "endpoints are the last endpoints that were successfully published by the provider\n\n\nProvides a simple mechanism to store the current provider records in order to\ndelete any that are no longer present in DNSRecordSpec.Endpoints\n\n\nNote: This will not be required if/when we switch to using external-dns since when\nrunning with a \"sync\" policy it will clean up unused records automatically." + description: "endpoints are the last endpoints that were successfully published to the provider zone" items: description: "Endpoint is a high-level way of a connection between a service and an IP" properties: @@ -334,7 +334,7 @@ spec: type: "array" type: "object" observedGeneration: - description: "observedGeneration is the most recently observed generation of the\nDNSRecord. When the DNSRecord is updated, the controller updates the\ncorresponding record in each managed zone. If an update for a\nparticular zone fails, that failure is recorded in the status\ncondition for the zone so that the controller can determine that it\nneeds to retry the update for that specific zone." + description: "observedGeneration is the most recently observed generation of the DNSRecord." format: "int64" type: "integer" ownerID: @@ -355,6 +355,12 @@ spec: description: "WriteCounter represent a number of consecutive write attempts on the same generation of the record.\nIt is being reset to 0 when the generation changes or there are no changes to write." format: "int64" type: "integer" + zoneDomainName: + description: "zoneDomainName is the domain name of the zone that the dns record is publishing endpoints" + type: "string" + zoneID: + description: "zoneID is the provider specific id to which this dns record is publishing endpoints" + type: "string" type: "object" type: "object" served: true diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml index d5645a7ed..4e7f36b0f 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml @@ -61,7 +61,7 @@ spec: PublishStrategyOptions: additionalProperties: type: "string" - description: "Generic options that can used by any publish strategy" + description: "Deprecated: no longer in use" type: "object" baseImage: description: "a base image that can be used as base layer for all images.\nIt can be useful if you want to provide some custom base image with further utility software" @@ -1575,7 +1575,7 @@ spec: PublishStrategyOptions: additionalProperties: type: "string" - description: "Generic options that can used by any publish strategy" + description: "Deprecated: no longer in use" type: "object" baseImage: description: "a base image that can be used as base layer for all images.\nIt can be useful if you want to provide some custom base image with further utility software" diff --git a/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml b/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml index 2abe57836..51b80f032 100644 --- a/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml +++ b/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml @@ -42,6 +42,7 @@ spec: - "v1_17" - "v1_18" - "v1_19" + - "v1_20" type: "string" image: type: "string" @@ -893,6 +894,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -1038,6 +1046,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -1436,6 +1446,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -1583,6 +1600,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -1985,6 +2004,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -2130,6 +2156,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -2200,6 +2228,13 @@ spec: type: "array" securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" fsGroup: type: "integer" fsGroupChangePolicy: @@ -3128,6 +3163,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" ephemeralContainerStatuses: @@ -3242,6 +3290,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" hostIP: @@ -3365,6 +3426,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" message: @@ -4197,6 +4271,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -4342,6 +4423,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -4740,6 +4823,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -4887,6 +4977,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -5289,6 +5381,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -5434,6 +5533,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -5504,6 +5605,13 @@ spec: type: "array" securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" fsGroup: type: "integer" fsGroupChangePolicy: @@ -6432,6 +6540,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" ephemeralContainerStatuses: @@ -6546,6 +6667,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" hostIP: @@ -6669,6 +6803,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" message: @@ -7486,6 +7633,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -7631,6 +7785,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -8029,6 +8185,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -8176,6 +8339,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -8578,6 +8743,13 @@ spec: properties: allowPrivilegeEscalation: type: "boolean" + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" capabilities: properties: add: @@ -8723,6 +8895,8 @@ spec: type: "string" readOnly: type: "boolean" + recursiveReadOnly: + type: "string" subPath: type: "string" subPathExpr: @@ -8793,6 +8967,13 @@ spec: type: "array" securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: "string" + type: + type: "string" + type: "object" fsGroup: type: "integer" fsGroupChangePolicy: @@ -9721,6 +9902,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" ephemeralContainerStatuses: @@ -9835,6 +10029,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" hostIP: @@ -9958,6 +10165,19 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + items: + properties: + mountPath: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + type: "object" + type: "array" type: "object" type: "array" message: diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml index 386419992..63900d4d2 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml @@ -203,7 +203,7 @@ spec: description: "Defines a set of hooks and procedures that customize the behavior of a Component throughout its lifecycle.\nActions are triggered at specific lifecycle stages:\n\n\n - `postProvision`: Defines the hook to be executed after the creation of a Component,\n with `preCondition` specifying when the action should be fired relative to the Component's lifecycle stages:\n `Immediately`, `RuntimeReady`, `ComponentReady`, and `ClusterReady`.\n - `preTerminate`: Defines the hook to be executed before terminating a Component.\n - `roleProbe`: Defines the procedure which is invoked regularly to assess the role of replicas.\n - `switchover`: Defines the procedure for a controlled transition of leadership from the current leader to a new replica.\n This approach aims to minimize downtime and maintain availability in systems with a leader-follower topology,\n such as before planned maintenance or upgrades on the current leader node.\n - `memberJoin`: Defines the procedure to add a new replica to the replication group.\n - `memberLeave`: Defines the method to remove a replica from the replication group.\n - `readOnly`: Defines the procedure to switch a replica into the read-only state.\n - `readWrite`: transition a replica from the read-only state back to the read-write state.\n - `dataDump`: Defines the procedure to export the data from a replica.\n - `dataLoad`: Defines the procedure to import data into a replica.\n - `reconfigure`: Defines the procedure that update a replica with new configuration file.\n - `accountProvision`: Defines the procedure to generate a new database account.\n\n\nThis field is immutable." properties: accountProvision: - description: "Defines the procedure to generate a new database account.\n\n\nUse Case:\nThis action is designed to create system accounts that are utilized for replication, monitoring, backup,\nand other administrative tasks.\n\n\nNote: This field is immutable once it has been set." + description: "Defines the procedure to generate a new database account.\n\n\nUse Case:\nThis action is designed to create system accounts that are utilized for replication, monitoring, backup,\nand other administrative tasks.\n\n\nThe container executing this action has access to following variables:\n\n\n- KB_ACCOUNT_NAME: The name of the system account to be created.\n- KB_ACCOUNT_PASSWORD: The password for the system account. // TODO: how to pass the password securely?\n- KB_ACCOUNT_STATEMENT: The statement used to create the system account.\n\n\nNote: This field is immutable once it has been set." properties: exec: description: "Defines the command to run.\n\n\nThis field cannot be updated." @@ -219,7 +219,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -306,13 +306,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -359,7 +359,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -446,13 +446,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -499,7 +499,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -586,13 +586,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -639,7 +639,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -726,13 +726,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -779,7 +779,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -866,13 +866,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -903,7 +903,7 @@ spec: type: "integer" type: "object" postProvision: - description: "Specifies the hook to be executed after a component's creation.\n\n\nBy setting `postProvision.customHandler.preCondition`, you can determine the specific lifecycle stage\nat which the action should trigger: `Immediately`, `RuntimeReady`, `ComponentReady`, and `ClusterReady`.\nwith `ComponentReady` being the default.\n\n\nThe PostProvision Action is intended to run only once.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., \"pod1,pod2\").\n- KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component\n (e.g., \"pod1,pod2\").\n- KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted\n (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted\n (e.g., \"comp1,comp2\").\n\n\nNote: This field is immutable once it has been set." + description: "Specifies the hook to be executed after a component's creation.\n\n\nBy setting `postProvision.customHandler.preCondition`, you can determine the specific lifecycle stage\nat which the action should trigger: `Immediately`, `RuntimeReady`, `ComponentReady`, and `ClusterReady`.\nwith `ComponentReady` being the default.\n\n\nThe PostProvision Action is intended to run only once.\n\n\nNote: This field is immutable once it has been set." properties: exec: description: "Defines the command to run.\n\n\nThis field cannot be updated." @@ -919,7 +919,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -1006,13 +1006,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -1043,7 +1043,7 @@ spec: type: "integer" type: "object" preTerminate: - description: "Specifies the hook to be executed prior to terminating a component.\n\n\nThe PreTerminate Action is intended to run only once.\n\n\nThis action is executed immediately when a scale-down operation for the Component is initiated.\nThe actual termination and cleanup of the Component and its associated resources will not proceed\nuntil the PreTerminate action has completed successfully.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., \"pod1,pod2\").\n- KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component\n (e.g., \"pod1,pod2\").\n- KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted\n (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted\n (e.g., \"comp1,comp2\").\n\n\n- KB_CLUSTER_COMPONENT_IS_SCALING_IN: Indicates whether the component is currently scaling in.\n If this variable is present and set to \"true\", it denotes that the component is undergoing a scale-in operation.\n During scale-in, data rebalancing is necessary to maintain cluster integrity.\n Contrast this with a cluster deletion scenario where data rebalancing is not required as the entire cluster\n is being cleaned up.\n\n\nNote: This field is immutable once it has been set." + description: "Specifies the hook to be executed prior to terminating a component.\n\n\nThe PreTerminate Action is intended to run only once.\n\n\nThis action is executed immediately when a scale-down operation for the Component is initiated.\nThe actual termination and cleanup of the Component and its associated resources will not proceed\nuntil the PreTerminate action has completed successfully.\n\n\nNote: This field is immutable once it has been set." properties: exec: description: "Defines the command to run.\n\n\nThis field cannot be updated." @@ -1059,7 +1059,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -1146,13 +1146,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -1199,7 +1199,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -1286,13 +1286,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -1339,7 +1339,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -1426,13 +1426,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -1479,7 +1479,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -1566,13 +1566,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -1619,7 +1619,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -1706,13 +1706,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -1759,7 +1759,7 @@ spec: type: "integer" type: "object" switchover: - description: "Defines the procedure for a controlled transition of leadership from the current leader to a new replica.\nThis approach aims to minimize downtime and maintain availability in systems with a leader-follower topology,\nduring events such as planned maintenance or when performing stop, shutdown, restart, or upgrade operations\ninvolving the current leader node.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_LEADER_POD_IP: The IP address of the current leader's pod prior to the switchover.\n- KB_LEADER_POD_NAME: The name of the current leader's pod prior to the switchover.\n- KB_LEADER_POD_FQDN: The FQDN of the current leader's pod prior to the switchover.\n- KB_SWITCHOVER_CANDIDATE_NAME: The name of the pod for the new leader candidate, which may not be specified (empty).\n- KB_SWITCHOVER_CANDIDATE_FQDN: The FQDN of the new leader candidate's pod, which may not be specified (empty).\n\n\nNote: This field is immutable once it has been set." + description: "Defines the procedure for a controlled transition of leadership from the current leader to a new replica.\nThis approach aims to minimize downtime and maintain availability in systems with a leader-follower topology,\nduring events such as planned maintenance or when performing stop, shutdown, restart, or upgrade operations\ninvolving the current leader node.\n\n\nThe container executing this action has access to following variables:\n\n\n- KB_SWITCHOVER_CANDIDATE_NAME: The name of the pod for the new leader candidate, which may not be specified (empty).\n- KB_SWITCHOVER_CANDIDATE_FQDN: The FQDN of the new leader candidate's pod, which may not be specified (empty).\n\n\nNote: This field is immutable once it has been set." properties: exec: description: "Defines the command to run.\n\n\nThis field cannot be updated." @@ -1775,7 +1775,7 @@ spec: type: "string" type: "array" container: - description: "Defines the name of the container within the target Pod where the action will be executed.\n\n\nThis name must correspond to one of the containers defined in `componentDefinition.spec.runtime`.\nIf this field is not specified, the default behavior is to use the first container listed in\n`componentDefinition.spec.runtime`.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Specifies the name of the container within the same pod whose resources will be shared with the action.\nThis allows the action to utilize the specified container's resources without executing within it.\n\n\nThe name must match one of the containers defined in `componentDefinition.spec.runtime`.\n\n\nThe resources that can be shared are included:\n\n\n- volume mounts\n\n\nThis field cannot be updated." type: "string" env: description: "Represents a list of environment variables that will be injected into the container.\nThese variables enable the container to adapt its behavior based on the environment it's running in.\n\n\nThis field cannot be updated." @@ -1862,13 +1862,13 @@ spec: type: "object" type: "array" image: - description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nThis field is mutually exclusive with the `container` field; only one of them should be provided.\n\n\nThis field cannot be updated." + description: "Specifies the container image to be used for running the Action.\n\n\nWhen specified, a dedicated container will be created using this image to execute the Action.\nAll actions with same image will share the same container.\n\n\nThis field cannot be updated." type: "string" matchingKey: - description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Used in conjunction with the `targetPodSelector` field to refine the selection of target pod(s) for Action execution.\nThe impact of this field depends on the `targetPodSelector` value:\n\n\n- When `targetPodSelector` is set to `Any` or `All`, this field will be ignored.\n- When `targetPodSelector` is set to `Role`, only those replicas whose role matches the `matchingKey`\n will be selected for the Action.\n\n\nThis field cannot be updated." type: "string" targetPodSelector: - description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nThis field cannot be updated.\n\n\nNote: This field is reserved for future use and is not currently active." + description: "Defines the criteria used to select the target Pod(s) for executing the Action.\nThis is useful when there is no default target replica identified.\nIt allows for precise control over which Pod(s) the Action should run in.\n\n\nIf not specified, the Action will be executed in the pod where the Action is triggered, such as the pod\nto be removed or added; or a random pod if the Action is triggered at the component level, such as\npost-provision or pre-terminate of the component.\n\n\nThis field cannot be updated." enum: - "Any" - "All" @@ -6770,6 +6770,28 @@ spec: valueFrom: description: "Source for the variable's value. Cannot be used if value is not empty." properties: + clusterVarRef: + description: "Selects a defined var of a Cluster." + properties: + clusterName: + description: "Reference to the name of the Cluster object." + enum: + - "Required" + - "Optional" + type: "string" + clusterUID: + description: "Reference to the UID of the Cluster object." + enum: + - "Required" + - "Optional" + type: "string" + namespace: + description: "Reference to the namespace of the Cluster object." + enum: + - "Required" + - "Optional" + type: "string" + type: "object" componentVarRef: description: "Selects a defined var of a Component." properties: @@ -6782,12 +6804,6 @@ spec: - "Required" - "Optional" type: "string" - instanceNames: - description: "Reference to the instanceName list of the component.\nand the value will be presented in the following format: instanceName1,instanceName2,..." - enum: - - "Required" - - "Optional" - type: "string" multipleClusterObjectOption: description: "This option defines the behavior when multiple component objects match the specified @CompDef.\nIf not provided, an error will be raised when handling multiple matches." properties: @@ -6838,6 +6854,36 @@ spec: - "Required" - "Optional" type: "string" + podFQDNsForRole: + description: "Reference to the pod FQDN list of the component that have a specific role.\nThe value will be presented in the following format: FQDN1,FQDN2,..." + properties: + option: + description: "VarOption defines whether a variable is required or optional." + enum: + - "Required" + - "Optional" + type: "string" + role: + type: "string" + type: "object" + podNames: + description: "Reference to the pod name list of the component.\nand the value will be presented in the following format: name1,name2,..." + enum: + - "Required" + - "Optional" + type: "string" + podNamesForRole: + description: "Reference to the pod name list of the component that have a specific role.\nThe value will be presented in the following format: name1,name2,..." + properties: + option: + description: "VarOption defines whether a variable is required or optional." + enum: + - "Required" + - "Optional" + type: "string" + role: + type: "string" + type: "object" replicas: description: "Reference to the replicas of the component." enum: @@ -7167,6 +7213,12 @@ spec: - "Optional" type: "string" type: "object" + serviceType: + description: "ServiceType references the type of the service." + enum: + - "Required" + - "Optional" + type: "string" type: "object" type: "object" required: diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml index c5a4d24f4..8f8d579b6 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml @@ -28,16 +28,20 @@ spec: name: "Revision" priority: 10 type: "string" + - jsonPath: ".spec.project" + name: "Project" + priority: 10 + type: "string" name: "v1alpha1" schema: openAPIV3Schema: description: "Application is a definition of Application resource." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -122,15 +126,15 @@ spec: type: "object" type: "array" revision: - description: "Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec." + description: "Revision is the revision (Git) or chart version (Helm) which to sync the application to\nIf omitted, will use the revision specified in app spec." type: "string" revisions: - description: "Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to If omitted, will use the revision specified in app spec." + description: "Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to\nIf omitted, will use the revision specified in app spec." items: type: "string" type: "array" source: - description: "Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation" + description: "Source overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation" properties: chart: description: "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo." @@ -400,13 +404,13 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" type: "object" sources: - description: "Sources overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation" + description: "Sources overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation" items: description: "ApplicationSource contains all required information about the source of an application" properties: @@ -678,7 +682,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -696,14 +700,14 @@ spec: description: "Apply will perform a `kubectl apply` to perform the sync." properties: force: - description: "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times." + description: "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times." type: "boolean" type: "object" hook: description: "Hook will submit any referenced resources to perform the sync. This is the default strategy" properties: force: - description: "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times." + description: "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times." type: "boolean" type: "object" type: "object" @@ -719,7 +723,7 @@ spec: description: "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set." type: "string" namespace: - description: "Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" + description: "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" type: "string" server: description: "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set." @@ -743,7 +747,7 @@ spec: kind: type: "string" managedFieldsManagers: - description: "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the desired state defined in the SCM and won't be displayed in diffs" + description: "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the\ndesired state defined in the SCM and won't be displayed in diffs" items: type: "string" type: "array" @@ -769,10 +773,10 @@ spec: type: "object" type: "array" project: - description: "Project is a reference to the project this application belongs to. The empty string means that application belongs to the 'default' project." + description: "Project is a reference to the project this application belongs to.\nThe empty string means that application belongs to the 'default' project." type: "string" revisionHistoryLimit: - description: "RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10." + description: "RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.\nThis should only be changed in exceptional circumstances.\nSetting to zero will store no history. This will reduce storage used.\nIncreasing will increase the space used to store the history, so we do not recommend increasing it.\nDefault is 10." format: "int64" type: "integer" source: @@ -1046,7 +1050,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -1324,7 +1328,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -1732,7 +1736,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -2010,7 +2014,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -2022,7 +2026,7 @@ spec: type: "object" type: "array" observedAt: - description: "ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field" + description: "ObservedAt indicates when the application state was updated without querying latest git state\nDeprecated: controller no longer updates ObservedAt field" format: "date-time" type: "string" operationState: @@ -2116,15 +2120,15 @@ spec: type: "object" type: "array" revision: - description: "Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec." + description: "Revision is the revision (Git) or chart version (Helm) which to sync the application to\nIf omitted, will use the revision specified in app spec." type: "string" revisions: - description: "Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to If omitted, will use the revision specified in app spec." + description: "Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to\nIf omitted, will use the revision specified in app spec." items: type: "string" type: "array" source: - description: "Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation" + description: "Source overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation" properties: chart: description: "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo." @@ -2394,13 +2398,13 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" type: "object" sources: - description: "Sources overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation" + description: "Sources overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation" items: description: "ApplicationSource contains all required information about the source of an application" properties: @@ -2672,7 +2676,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -2690,14 +2694,14 @@ spec: description: "Apply will perform a `kubectl apply` to perform the sync." properties: force: - description: "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times." + description: "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times." type: "boolean" type: "object" hook: description: "Hook will submit any referenced resources to perform the sync. This is the default strategy" properties: force: - description: "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times." + description: "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times." type: "boolean" type: "object" type: "object" @@ -2738,7 +2742,7 @@ spec: description: "Group specifies the API group of the resource" type: "string" hookPhase: - description: "HookPhase contains the state of any operation associated with this resource OR hook This can also contain values for non-hook resources." + description: "HookPhase contains the state of any operation associated with this resource OR hook\nThis can also contain values for non-hook resources." type: "string" hookType: description: "HookType specifies the type of the hook. Empty for non-hook resources" @@ -3051,7 +3055,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -3329,7 +3333,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -3353,7 +3357,7 @@ spec: resources: description: "Resources is a list of Kubernetes resources managed by this application" items: - description: "ResourceStatus holds the current sync and health status of a resource TODO: describe members of this type" + description: "ResourceStatus holds the current sync and health status of a resource\nTODO: describe members of this type" properties: group: type: "string" @@ -3423,7 +3427,7 @@ spec: description: "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set." type: "string" namespace: - description: "Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" + description: "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" type: "string" server: description: "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set." @@ -3447,7 +3451,7 @@ spec: kind: type: "string" managedFieldsManagers: - description: "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the desired state defined in the SCM and won't be displayed in diffs" + description: "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the\ndesired state defined in the SCM and won't be displayed in diffs" items: type: "string" type: "array" @@ -3730,7 +3734,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" @@ -4008,7 +4012,7 @@ spec: description: "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests" type: "string" targetRevision: - description: "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version." + description: "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version." type: "string" required: - "repoURL" diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml index e07d1e00c..d28e5e45d 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml @@ -61,6 +61,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: type: "string" requeueAfterSeconds: @@ -657,6 +658,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" template: properties: metadata: @@ -2419,6 +2421,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: type: "string" requeueAfterSeconds: @@ -3015,6 +3018,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" template: properties: metadata: @@ -6880,6 +6884,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" type: "array" template: @@ -7476,6 +7481,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: type: "string" requeueAfterSeconds: @@ -8072,6 +8078,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" template: properties: metadata: @@ -11937,6 +11944,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" type: "array" mergeKeys: @@ -14637,6 +14645,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" type: "array" goTemplate: @@ -15295,11 +15304,16 @@ spec: type: "string" step: type: "string" + targetRevisions: + items: + type: "string" + type: "array" required: - "application" - "message" - "status" - "step" + - "targetRevisions" type: "object" type: "array" conditions: @@ -15323,6 +15337,37 @@ spec: - "type" type: "object" type: "array" + resources: + items: + properties: + group: + type: "string" + health: + properties: + message: + type: "string" + status: + type: "string" + type: "object" + hook: + type: "boolean" + kind: + type: "string" + name: + type: "string" + namespace: + type: "string" + requiresPruning: + type: "boolean" + status: + type: "string" + syncWave: + format: "int64" + type: "integer" + version: + type: "string" + type: "object" + type: "array" type: "object" required: - "metadata" diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml index 3ee5dab60..28e52e69b 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml @@ -20,13 +20,13 @@ spec: - name: "v1alpha1" schema: openAPIV3Schema: - description: "AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)" + description: "AppProject provides a logical grouping of applications, providing controls for:\n* where the apps may deploy to (cluster whitelist)\n* what may be deployed (repository whitelist, resource whitelist/blacklist)\n* who can access these applications (roles, OIDC group claims bindings)\n* and what they can do (RBAC policies)\n* automation access to these roles (JWT tokens)" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -36,7 +36,7 @@ spec: clusterResourceBlacklist: description: "ClusterResourceBlacklist contains list of blacklisted cluster level resources" items: - description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types" + description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types" properties: group: type: "string" @@ -50,7 +50,7 @@ spec: clusterResourceWhitelist: description: "ClusterResourceWhitelist contains list of whitelisted cluster level resources" items: - description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types" + description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types" properties: group: type: "string" @@ -73,7 +73,7 @@ spec: description: "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set." type: "string" namespace: - description: "Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" + description: "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" type: "string" server: description: "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set." @@ -83,7 +83,7 @@ spec: namespaceResourceBlacklist: description: "NamespaceResourceBlacklist contains list of blacklisted namespace level resources" items: - description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types" + description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types" properties: group: type: "string" @@ -97,7 +97,7 @@ spec: namespaceResourceWhitelist: description: "NamespaceResourceWhitelist contains list of whitelisted namespace level resources" items: - description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types" + description: "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types" properties: group: type: "string" diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml index 6607a1b4d..f8b623b53 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "ec2nodeclasses.karpenter.k8s.aws" spec: conversion: @@ -134,7 +134,7 @@ spec: description: "Encrypted indicates whether the EBS volume is encrypted. Encrypted volumes can only\nbe attached to instances that support Amazon EBS encryption. If you are creating\na volume from a snapshot, you can't specify an encryption value." type: "boolean" iops: - description: "IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes,\nthis represents the number of IOPS that are provisioned for the volume. For\ngp2 volumes, this represents the baseline performance of the volume and the\nrate at which the volume accumulates I/O credits for bursting.\n\n\nThe following are the supported values for each volume type:\n\n\n * gp3: 3,000-16,000 IOPS\n\n\n * io1: 100-64,000 IOPS\n\n\n * io2: 100-64,000 IOPS\n\n\nFor io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built\non the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances).\nOther instance families guarantee performance up to 32,000 IOPS.\n\n\nThis parameter is supported for io1, io2, and gp3 volumes only. This parameter\nis not supported for gp2, st1, sc1, or standard volumes." + description: "IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes,\nthis represents the number of IOPS that are provisioned for the volume. For\ngp2 volumes, this represents the baseline performance of the volume and the\nrate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n * gp3: 3,000-16,000 IOPS\n\n * io1: 100-64,000 IOPS\n\n * io2: 100-64,000 IOPS\n\nFor io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built\non the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances).\nOther instance families guarantee performance up to 32,000 IOPS.\n\nThis parameter is supported for io1, io2, and gp3 volumes only. This parameter\nis not supported for gp2, st1, sc1, or standard volumes." format: "int64" type: "integer" kmsKeyID: @@ -148,7 +148,7 @@ spec: format: "int64" type: "integer" volumeSize: - description: "VolumeSize in `Gi`, `G`, `Ti`, or `T`. You must specify either a snapshot ID or\na volume size. The following are the supported volumes sizes for each volume\ntype:\n\n\n * gp2 and gp3: 1-16,384\n\n\n * io1 and io2: 4-16,384\n\n\n * st1 and sc1: 125-16,384\n\n\n * standard: 1-1,024" + description: "VolumeSize in `Gi`, `G`, `Ti`, or `T`. You must specify either a snapshot ID or\na volume size. The following are the supported volumes sizes for each volume\ntype:\n\n * gp2 and gp3: 1-16,384\n\n * io1 and io2: 4-16,384\n\n * st1 and sc1: 125-16,384\n\n * standard: 1-1,024" pattern: "^((?:[1-9][0-9]{0,3}|[1-4][0-9]{4}|[5][0-8][0-9]{3}|59000)Gi|(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-3][0-9]{3}|64000)G|([1-9]||[1-5][0-7]|58)Ti|([1-9]||[1-5][0-9]|6[0-3]|64)T)$" type: "string" volumeType: @@ -291,11 +291,11 @@ spec: httpProtocolIPv6: "disabled" httpPutResponseHopLimit: 1 httpTokens: "required" - description: "MetadataOptions for the generated launch template of provisioned nodes.\n\n\nThis specifies the exposure of the Instance Metadata Service to\nprovisioned EC2 nodes. For more information,\nsee Instance Metadata and User Data\n(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)\nin the Amazon Elastic Compute Cloud User Guide.\n\n\nRefer to recommended, security best practices\n(https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node)\nfor limiting exposure of Instance Metadata and User Data to pods.\nIf omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6\ndisabled, with httpPutResponseLimit of 1, and with httpTokens\nrequired." + description: "MetadataOptions for the generated launch template of provisioned nodes.\n\nThis specifies the exposure of the Instance Metadata Service to\nprovisioned EC2 nodes. For more information,\nsee Instance Metadata and User Data\n(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)\nin the Amazon Elastic Compute Cloud User Guide.\n\nRefer to recommended, security best practices\n(https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node)\nfor limiting exposure of Instance Metadata and User Data to pods.\nIf omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6\ndisabled, with httpPutResponseLimit of 1, and with httpTokens\nrequired." properties: httpEndpoint: default: "enabled" - description: "HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned\nnodes. If metadata options is non-nil, but this parameter is not specified,\nthe default state is \"enabled\".\n\n\nIf you specify a value of \"disabled\", instance metadata will not be accessible\non the node." + description: "HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned\nnodes. If metadata options is non-nil, but this parameter is not specified,\nthe default state is \"enabled\".\n\nIf you specify a value of \"disabled\", instance metadata will not be accessible\non the node." enum: - "enabled" - "disabled" @@ -316,7 +316,7 @@ spec: type: "integer" httpTokens: default: "required" - description: "HTTPTokens determines the state of token usage for instance metadata\nrequests. If metadata options is non-nil, but this parameter is not\nspecified, the default state is \"required\".\n\n\nIf the state is optional, one can choose to retrieve instance metadata with\nor without a signed token header on the request. If one retrieves the IAM\nrole credentials without a token, the version 1.0 role credentials are\nreturned. If one retrieves the IAM role credentials using a valid signed\ntoken, the version 2.0 role credentials are returned.\n\n\nIf the state is \"required\", one must send a signed token header with any\ninstance metadata retrieval requests. In this state, retrieving the IAM\nrole credentials always returns the version 2.0 credentials; the version\n1.0 credentials are not available." + description: "HTTPTokens determines the state of token usage for instance metadata\nrequests. If metadata options is non-nil, but this parameter is not\nspecified, the default state is \"required\".\n\nIf the state is optional, one can choose to retrieve instance metadata with\nor without a signed token header on the request. If one retrieves the IAM\nrole credentials without a token, the version 1.0 role credentials are\nreturned. If one retrieves the IAM role credentials using a valid signed\ntoken, the version 2.0 role credentials are returned.\n\nIf the state is \"required\", one must send a signed token header with any\ninstance metadata retrieval requests. In this state, retrieving the IAM\nrole credentials always returns the version 2.0 credentials; the version\n1.0 credentials are not available." enum: - "required" - "optional" @@ -507,7 +507,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1beta1/ec2nodeclasses.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1beta1/ec2nodeclasses.yaml index 968190486..eb2117a21 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1beta1/ec2nodeclasses.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1beta1/ec2nodeclasses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "ec2nodeclasses.karpenter.k8s.aws" spec: conversion: @@ -108,7 +108,7 @@ spec: description: "Encrypted indicates whether the EBS volume is encrypted. Encrypted volumes can only\nbe attached to instances that support Amazon EBS encryption. If you are creating\na volume from a snapshot, you can't specify an encryption value." type: "boolean" iops: - description: "IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes,\nthis represents the number of IOPS that are provisioned for the volume. For\ngp2 volumes, this represents the baseline performance of the volume and the\nrate at which the volume accumulates I/O credits for bursting.\n\n\nThe following are the supported values for each volume type:\n\n\n * gp3: 3,000-16,000 IOPS\n\n\n * io1: 100-64,000 IOPS\n\n\n * io2: 100-64,000 IOPS\n\n\nFor io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built\non the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances).\nOther instance families guarantee performance up to 32,000 IOPS.\n\n\nThis parameter is supported for io1, io2, and gp3 volumes only. This parameter\nis not supported for gp2, st1, sc1, or standard volumes." + description: "IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes,\nthis represents the number of IOPS that are provisioned for the volume. For\ngp2 volumes, this represents the baseline performance of the volume and the\nrate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n * gp3: 3,000-16,000 IOPS\n\n * io1: 100-64,000 IOPS\n\n * io2: 100-64,000 IOPS\n\nFor io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built\non the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances).\nOther instance families guarantee performance up to 32,000 IOPS.\n\nThis parameter is supported for io1, io2, and gp3 volumes only. This parameter\nis not supported for gp2, st1, sc1, or standard volumes." format: "int64" type: "integer" kmsKeyID: @@ -122,7 +122,7 @@ spec: format: "int64" type: "integer" volumeSize: - description: "VolumeSize in `Gi`, `G`, `Ti`, or `T`. You must specify either a snapshot ID or\na volume size. The following are the supported volumes sizes for each volume\ntype:\n\n\n * gp2 and gp3: 1-16,384\n\n\n * io1 and io2: 4-16,384\n\n\n * st1 and sc1: 125-16,384\n\n\n * standard: 1-1,024" + description: "VolumeSize in `Gi`, `G`, `Ti`, or `T`. You must specify either a snapshot ID or\na volume size. The following are the supported volumes sizes for each volume\ntype:\n\n * gp2 and gp3: 1-16,384\n\n * io1 and io2: 4-16,384\n\n * st1 and sc1: 125-16,384\n\n * standard: 1-1,024" pattern: "^((?:[1-9][0-9]{0,3}|[1-4][0-9]{4}|[5][0-8][0-9]{3}|59000)Gi|(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-3][0-9]{3}|64000)G|([1-9]||[1-5][0-7]|58)Ti|([1-9]||[1-5][0-9]|6[0-3]|64)T)$" type: "string" volumeType: @@ -172,11 +172,11 @@ spec: httpProtocolIPv6: "disabled" httpPutResponseHopLimit: 1 httpTokens: "required" - description: "MetadataOptions for the generated launch template of provisioned nodes.\n\n\nThis specifies the exposure of the Instance Metadata Service to\nprovisioned EC2 nodes. For more information,\nsee Instance Metadata and User Data\n(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)\nin the Amazon Elastic Compute Cloud User Guide.\n\n\nRefer to recommended, security best practices\n(https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node)\nfor limiting exposure of Instance Metadata and User Data to pods.\nIf omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6\ndisabled, with httpPutResponseLimit of 1, and with httpTokens\nrequired." + description: "MetadataOptions for the generated launch template of provisioned nodes.\n\nThis specifies the exposure of the Instance Metadata Service to\nprovisioned EC2 nodes. For more information,\nsee Instance Metadata and User Data\n(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)\nin the Amazon Elastic Compute Cloud User Guide.\n\nRefer to recommended, security best practices\n(https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node)\nfor limiting exposure of Instance Metadata and User Data to pods.\nIf omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6\ndisabled, with httpPutResponseLimit of 1, and with httpTokens\nrequired." properties: httpEndpoint: default: "enabled" - description: "HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned\nnodes. If metadata options is non-nil, but this parameter is not specified,\nthe default state is \"enabled\".\n\n\nIf you specify a value of \"disabled\", instance metadata will not be accessible\non the node." + description: "HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned\nnodes. If metadata options is non-nil, but this parameter is not specified,\nthe default state is \"enabled\".\n\nIf you specify a value of \"disabled\", instance metadata will not be accessible\non the node." enum: - "enabled" - "disabled" @@ -197,7 +197,7 @@ spec: type: "integer" httpTokens: default: "required" - description: "HTTPTokens determines the state of token usage for instance metadata\nrequests. If metadata options is non-nil, but this parameter is not\nspecified, the default state is \"required\".\n\n\nIf the state is optional, one can choose to retrieve instance metadata with\nor without a signed token header on the request. If one retrieves the IAM\nrole credentials without a token, the version 1.0 role credentials are\nreturned. If one retrieves the IAM role credentials using a valid signed\ntoken, the version 2.0 role credentials are returned.\n\n\nIf the state is \"required\", one must send a signed token header with any\ninstance metadata retrieval requests. In this state, retrieving the IAM\nrole credentials always returns the version 2.0 credentials; the version\n1.0 credentials are not available." + description: "HTTPTokens determines the state of token usage for instance metadata\nrequests. If metadata options is non-nil, but this parameter is not\nspecified, the default state is \"required\".\n\nIf the state is optional, one can choose to retrieve instance metadata with\nor without a signed token header on the request. If one retrieves the IAM\nrole credentials without a token, the version 1.0 role credentials are\nreturned. If one retrieves the IAM role credentials using a valid signed\ntoken, the version 2.0 role credentials are returned.\n\nIf the state is \"required\", one must send a signed token header with any\ninstance metadata retrieval requests. In this state, retrieving the IAM\nrole credentials always returns the version 2.0 credentials; the version\n1.0 credentials are not available." enum: - "required" - "optional" @@ -378,7 +378,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml index 56940b598..fe512d0dc 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "nodeclaims.karpenter.sh" spec: conversion: @@ -227,7 +227,7 @@ spec: type: "object" type: "array" terminationGracePeriod: - description: "TerminationGracePeriod is the maximum duration the controller will wait before forcefully deleting the pods on a node, measured from when deletion is first initiated.\n\n\nWarning: this feature takes precedence over a Pod's terminationGracePeriodSeconds value, and bypasses any blocked PDBs or the karpenter.sh/do-not-disrupt annotation.\n\n\nThis field is intended to be used by cluster administrators to enforce that nodes can be cycled within a given time period.\nWhen set, drifted nodes will begin draining even if there are pods blocking eviction. Draining will respect PDBs and the do-not-disrupt annotation until the TGP is reached.\n\n\nKarpenter will preemptively delete pods so their terminationGracePeriodSeconds align with the node's terminationGracePeriod.\nIf a pod would be terminated without being granted its full terminationGracePeriodSeconds prior to the node timeout,\nthat pod will be deleted at T = node timeout - pod terminationGracePeriodSeconds.\n\n\nThe feature can also be used to allow maximum time limits for long-running jobs which can delay node termination with preStop hooks.\nIf left undefined, the controller will wait indefinitely for pods to be drained." + description: "TerminationGracePeriod is the maximum duration the controller will wait before forcefully deleting the pods on a node, measured from when deletion is first initiated.\n\nWarning: this feature takes precedence over a Pod's terminationGracePeriodSeconds value, and bypasses any blocked PDBs or the karpenter.sh/do-not-disrupt annotation.\n\nThis field is intended to be used by cluster administrators to enforce that nodes can be cycled within a given time period.\nWhen set, drifted nodes will begin draining even if there are pods blocking eviction. Draining will respect PDBs and the do-not-disrupt annotation until the TGP is reached.\n\nKarpenter will preemptively delete pods so their terminationGracePeriodSeconds align with the node's terminationGracePeriod.\nIf a pod would be terminated without being granted its full terminationGracePeriodSeconds prior to the node timeout,\nthat pod will be deleted at T = node timeout - pod terminationGracePeriodSeconds.\n\nThe feature can also be used to allow maximum time limits for long-running jobs which can delay node termination with preStop hooks.\nIf left undefined, the controller will wait indefinitely for pods to be drained." pattern: "^([0-9]+(s|m|h))+$" type: "string" required: @@ -289,7 +289,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml index b57ecb7c0..33bab8d82 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "nodepools.karpenter.sh" spec: conversion: @@ -309,7 +309,7 @@ spec: type: "object" type: "array" terminationGracePeriod: - description: "TerminationGracePeriod is the maximum duration the controller will wait before forcefully deleting the pods on a node, measured from when deletion is first initiated.\n\n\nWarning: this feature takes precedence over a Pod's terminationGracePeriodSeconds value, and bypasses any blocked PDBs or the karpenter.sh/do-not-disrupt annotation.\n\n\nThis field is intended to be used by cluster administrators to enforce that nodes can be cycled within a given time period.\nWhen set, drifted nodes will begin draining even if there are pods blocking eviction. Draining will respect PDBs and the do-not-disrupt annotation until the TGP is reached.\n\n\nKarpenter will preemptively delete pods so their terminationGracePeriodSeconds align with the node's terminationGracePeriod.\nIf a pod would be terminated without being granted its full terminationGracePeriodSeconds prior to the node timeout,\nthat pod will be deleted at T = node timeout - pod terminationGracePeriodSeconds.\n\n\nThe feature can also be used to allow maximum time limits for long-running jobs which can delay node termination with preStop hooks.\nIf left undefined, the controller will wait indefinitely for pods to be drained." + description: "TerminationGracePeriod is the maximum duration the controller will wait before forcefully deleting the pods on a node, measured from when deletion is first initiated.\n\nWarning: this feature takes precedence over a Pod's terminationGracePeriodSeconds value, and bypasses any blocked PDBs or the karpenter.sh/do-not-disrupt annotation.\n\nThis field is intended to be used by cluster administrators to enforce that nodes can be cycled within a given time period.\nWhen set, drifted nodes will begin draining even if there are pods blocking eviction. Draining will respect PDBs and the do-not-disrupt annotation until the TGP is reached.\n\nKarpenter will preemptively delete pods so their terminationGracePeriodSeconds align with the node's terminationGracePeriod.\nIf a pod would be terminated without being granted its full terminationGracePeriodSeconds prior to the node timeout,\nthat pod will be deleted at T = node timeout - pod terminationGracePeriodSeconds.\n\nThe feature can also be used to allow maximum time limits for long-running jobs which can delay node termination with preStop hooks.\nIf left undefined, the controller will wait indefinitely for pods to be drained." pattern: "^([0-9]+(s|m|h))+$" type: "string" required: @@ -363,7 +363,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodeclaims.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodeclaims.yaml index 8a830b05c..3d26b4fe7 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodeclaims.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodeclaims.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "nodeclaims.karpenter.sh" spec: conversion: @@ -364,7 +364,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodepools.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodepools.yaml index bcfd4a481..0b004324d 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodepools.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1beta1/nodepools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "nodepools.karpenter.sh" spec: conversion: @@ -442,7 +442,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/cert-manager/cert-manager/acme.cert-manager.io/v1/challenges.yaml b/crd-catalog/cert-manager/cert-manager/acme.cert-manager.io/v1/challenges.yaml index 00356d07b..ae6a34c16 100644 --- a/crd-catalog/cert-manager/cert-manager/acme.cert-manager.io/v1/challenges.yaml +++ b/crd-catalog/cert-manager/cert-manager/acme.cert-manager.io/v1/challenges.yaml @@ -404,40 +404,40 @@ spec: parentRefs: description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute.\ncert-manager needs to know which parentRefs should be used when creating\nthe HTTPRoute. Usually, the parentRef references a Gateway. See:\nhttps://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" - description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core" maxLength: 253 pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: - description: "Name is the name of the referent.\n\n\nSupport: Core" + description: "Name is the name of the referent.\n\nSupport: Core" maxLength: 253 minLength: 1 type: "string" namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\nSupport: Core" maxLength: 63 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" port: - description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -646,13 +646,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -751,13 +751,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -855,13 +855,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -960,13 +960,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1027,7 +1027,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1044,7 +1044,7 @@ spec: description: "If specified, the pod's security context" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -1084,7 +1084,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1374,13 +1374,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1479,13 +1479,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1583,13 +1583,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1688,13 +1688,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1755,7 +1755,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1772,7 +1772,7 @@ spec: description: "If specified, the pod's security context" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -1812,7 +1812,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" diff --git a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificaterequests.yaml b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificaterequests.yaml index c264ea8f0..5242ca494 100644 --- a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificaterequests.yaml +++ b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificaterequests.yaml @@ -49,7 +49,7 @@ spec: name: "v1" schema: openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate from one of the\nconfigured issuers.\n\n\nAll fields within the CertificateRequest's `spec` are immutable after creation.\nA CertificateRequest will either succeed or fail, as denoted by its `Ready` status\ncondition and its `status.failureTime` field.\n\n\nA CertificateRequest is a one-shot resource, meaning it represents a single\npoint in time request for a certificate and cannot be re-used." + description: "A CertificateRequest is used to request a signed certificate from one of the\nconfigured issuers.\n\nAll fields within the CertificateRequest's `spec` are immutable after creation.\nA CertificateRequest will either succeed or fail, as denoted by its `Ready` status\ncondition and its `status.failureTime` field.\n\nA CertificateRequest is a one-shot resource, meaning it represents a single\npoint in time request for a certificate and cannot be re-used." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -79,10 +79,10 @@ spec: type: "array" x-kubernetes-list-type: "atomic" isCA: - description: "Requested basic constraints isCA value. Note that the issuer may choose\nto ignore the requested isCA value, just like any other requested attribute.\n\n\nNOTE: If the CSR in the `Request` field has a BasicConstraints extension,\nit must have the same isCA value as specified here.\n\n\nIf true, this will automatically add the `cert sign` usage to the list\nof requested `usages`." + description: "Requested basic constraints isCA value. Note that the issuer may choose\nto ignore the requested isCA value, just like any other requested attribute.\n\nNOTE: If the CSR in the `Request` field has a BasicConstraints extension,\nit must have the same isCA value as specified here.\n\nIf true, this will automatically add the `cert sign` usage to the list\nof requested `usages`." type: "boolean" issuerRef: - description: "Reference to the issuer responsible for issuing the certificate.\nIf the issuer is namespace-scoped, it must be in the same namespace\nas the Certificate. If the issuer is cluster-scoped, it can be used\nfrom any namespace.\n\n\nThe `name` field of the reference must always be specified." + description: "Reference to the issuer responsible for issuing the certificate.\nIf the issuer is namespace-scoped, it must be in the same namespace\nas the Certificate. If the issuer is cluster-scoped, it can be used\nfrom any namespace.\n\nThe `name` field of the reference must always be specified." properties: group: description: "Group of the resource being referred to." @@ -97,16 +97,16 @@ spec: - "name" type: "object" request: - description: "The PEM-encoded X.509 certificate signing request to be submitted to the\nissuer for signing.\n\n\nIf the CSR has a BasicConstraints extension, its isCA attribute must\nmatch the `isCA` value of this CertificateRequest.\nIf the CSR has a KeyUsage extension, its key usages must match the\nkey usages in the `usages` field of this CertificateRequest.\nIf the CSR has a ExtKeyUsage extension, its extended key usages\nmust match the extended key usages in the `usages` field of this\nCertificateRequest." + description: "The PEM-encoded X.509 certificate signing request to be submitted to the\nissuer for signing.\n\nIf the CSR has a BasicConstraints extension, its isCA attribute must\nmatch the `isCA` value of this CertificateRequest.\nIf the CSR has a KeyUsage extension, its key usages must match the\nkey usages in the `usages` field of this CertificateRequest.\nIf the CSR has a ExtKeyUsage extension, its extended key usages\nmust match the extended key usages in the `usages` field of this\nCertificateRequest." format: "byte" type: "string" uid: description: "UID contains the uid of the user that created the CertificateRequest.\nPopulated by the cert-manager webhook on creation and immutable." type: "string" usages: - description: "Requested key usages and extended key usages.\n\n\nNOTE: If the CSR in the `Request` field has uses the KeyUsage or\nExtKeyUsage extension, these extensions must have the same values\nas specified here without any additional values.\n\n\nIf unset, defaults to `digital signature` and `key encipherment`." + description: "Requested key usages and extended key usages.\n\nNOTE: If the CSR in the `Request` field has uses the KeyUsage or\nExtKeyUsage extension, these extensions must have the same values\nas specified here without any additional values.\n\nIf unset, defaults to `digital signature` and `key encipherment`." items: - description: "KeyUsage specifies valid usage contexts for keys.\nSee:\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.3\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.12\n\n\nValid KeyUsage values are as follows:\n\"signing\",\n\"digital signature\",\n\"content commitment\",\n\"key encipherment\",\n\"key agreement\",\n\"data encipherment\",\n\"cert sign\",\n\"crl sign\",\n\"encipher only\",\n\"decipher only\",\n\"any\",\n\"server auth\",\n\"client auth\",\n\"code signing\",\n\"email protection\",\n\"s/mime\",\n\"ipsec end system\",\n\"ipsec tunnel\",\n\"ipsec user\",\n\"timestamping\",\n\"ocsp signing\",\n\"microsoft sgc\",\n\"netscape sgc\"" + description: "KeyUsage specifies valid usage contexts for keys.\nSee:\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.3\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.12\n\nValid KeyUsage values are as follows:\n\"signing\",\n\"digital signature\",\n\"content commitment\",\n\"key encipherment\",\n\"key agreement\",\n\"data encipherment\",\n\"cert sign\",\n\"crl sign\",\n\"encipher only\",\n\"decipher only\",\n\"any\",\n\"server auth\",\n\"client auth\",\n\"code signing\",\n\"email protection\",\n\"s/mime\",\n\"ipsec end system\",\n\"ipsec tunnel\",\n\"ipsec user\",\n\"timestamping\",\n\"ocsp signing\",\n\"microsoft sgc\",\n\"netscape sgc\"" enum: - "signing" - "digital signature" diff --git a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificates.yaml b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificates.yaml index 31207065f..66aff7d7b 100644 --- a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificates.yaml +++ b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/certificates.yaml @@ -44,7 +44,7 @@ spec: name: "v1" schema: openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to date and signed\nX.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.\n\n\nThe stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)." + description: "A Certificate resource should be created to ensure an up to date and signed\nX.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.\n\nThe stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -58,7 +58,7 @@ spec: description: "Specification of the desired state of the Certificate resource.\nhttps://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: additionalOutputFormats: - description: "Defines extra output formats of the private key and signed certificate chain\nto be written to this Certificate's target Secret.\n\n\nThis is a Beta Feature enabled by default. It can be disabled with the\n`--feature-gates=AdditionalCertificateOutputFormats=false` option set on both\nthe controller and webhook components." + description: "Defines extra output formats of the private key and signed certificate chain\nto be written to this Certificate's target Secret.\n\nThis is a Beta Feature enabled by default. It can be disabled with the\n`--feature-gates=AdditionalCertificateOutputFormats=false` option set on both\nthe controller and webhook components." items: description: "CertificateAdditionalOutputFormat defines an additional output format of a\nCertificate resource. These contain supplementary data formats of the signed\ncertificate chain and paired private key." properties: @@ -73,7 +73,7 @@ spec: type: "object" type: "array" commonName: - description: "Requested common name X509 certificate subject attribute.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\nNOTE: TLS clients will ignore this value when any subject alternative name is\nset (see https://tools.ietf.org/html/rfc6125#section-6.4.4).\n\n\nShould have a length of 64 characters or fewer to avoid generating invalid CSRs.\nCannot be set if the `literalSubject` field is set." + description: "Requested common name X509 certificate subject attribute.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\nNOTE: TLS clients will ignore this value when any subject alternative name is\nset (see https://tools.ietf.org/html/rfc6125#section-6.4.4).\n\nShould have a length of 64 characters or fewer to avoid generating invalid CSRs.\nCannot be set if the `literalSubject` field is set." type: "string" dnsNames: description: "Requested DNS subject alternative names." @@ -81,7 +81,7 @@ spec: type: "string" type: "array" duration: - description: "Requested 'duration' (i.e. lifetime) of the Certificate. Note that the\nissuer may choose to ignore the requested duration, just like any other\nrequested attribute.\n\n\nIf unset, this defaults to 90 days.\nMinimum accepted duration is 1 hour.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration." + description: "Requested 'duration' (i.e. lifetime) of the Certificate. Note that the\nissuer may choose to ignore the requested duration, just like any other\nrequested attribute.\n\nIf unset, this defaults to 90 days.\nMinimum accepted duration is 1 hour.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration." type: "string" emailAddresses: description: "Requested email subject alternative names." @@ -89,7 +89,7 @@ spec: type: "string" type: "array" encodeUsagesInRequest: - description: "Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR.\n\n\nThis option defaults to true, and should only be disabled if the target\nissuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions." + description: "Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR.\n\nThis option defaults to true, and should only be disabled if the target\nissuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions." type: "boolean" ipAddresses: description: "Requested IP address subject alternative names." @@ -97,10 +97,10 @@ spec: type: "string" type: "array" isCA: - description: "Requested basic constraints isCA value.\nThe isCA value is used to set the `isCA` field on the created CertificateRequest\nresources. Note that the issuer may choose to ignore the requested isCA value, just\nlike any other requested attribute.\n\n\nIf true, this will automatically add the `cert sign` usage to the list\nof requested `usages`." + description: "Requested basic constraints isCA value.\nThe isCA value is used to set the `isCA` field on the created CertificateRequest\nresources. Note that the issuer may choose to ignore the requested isCA value, just\nlike any other requested attribute.\n\nIf true, this will automatically add the `cert sign` usage to the list\nof requested `usages`." type: "boolean" issuerRef: - description: "Reference to the issuer responsible for issuing the certificate.\nIf the issuer is namespace-scoped, it must be in the same namespace\nas the Certificate. If the issuer is cluster-scoped, it can be used\nfrom any namespace.\n\n\nThe `name` field of the reference must always be specified." + description: "Reference to the issuer responsible for issuing the certificate.\nIf the issuer is namespace-scoped, it must be in the same namespace\nas the Certificate. If the issuer is cluster-scoped, it can be used\nfrom any namespace.\n\nThe `name` field of the reference must always be specified." properties: group: description: "Group of the resource being referred to." @@ -161,7 +161,7 @@ spec: - "name" type: "object" profile: - description: "Profile specifies the key and certificate encryption algorithms and the HMAC algorithm\nused to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility.\n\n\nIf provided, allowed values are:\n`LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.\n`LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.\n`Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms\n(eg. because of company policy). Please note that the security of the algorithm is not that important\nin reality, because the unencrypted certificate and private key are also stored in the Secret." + description: "Profile specifies the key and certificate encryption algorithms and the HMAC algorithm\nused to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility.\n\nIf provided, allowed values are:\n`LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.\n`LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.\n`Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms\n(eg. because of company policy). Please note that the security of the algorithm is not that important\nin reality, because the unencrypted certificate and private key are also stored in the Secret." enum: - "LegacyRC2" - "LegacyDES" @@ -173,10 +173,10 @@ spec: type: "object" type: "object" literalSubject: - description: "Requested X.509 certificate subject, represented using the LDAP \"String\nRepresentation of a Distinguished Name\" [1].\nImportant: the LDAP string format also specifies the order of the attributes\nin the subject, this is important when issuing certs for LDAP authentication.\nExample: `CN=foo,DC=corp,DC=example,DC=com`\nMore info [1]: https://datatracker.ietf.org/doc/html/rfc4514\nMore info: https://github.com/cert-manager/cert-manager/issues/3203\nMore info: https://github.com/cert-manager/cert-manager/issues/4424\n\n\nCannot be set if the `subject` or `commonName` field is set." + description: "Requested X.509 certificate subject, represented using the LDAP \"String\nRepresentation of a Distinguished Name\" [1].\nImportant: the LDAP string format also specifies the order of the attributes\nin the subject, this is important when issuing certs for LDAP authentication.\nExample: `CN=foo,DC=corp,DC=example,DC=com`\nMore info [1]: https://datatracker.ietf.org/doc/html/rfc4514\nMore info: https://github.com/cert-manager/cert-manager/issues/3203\nMore info: https://github.com/cert-manager/cert-manager/issues/4424\n\nCannot be set if the `subject` or `commonName` field is set." type: "string" nameConstraints: - description: "x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate.\nMore Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10\n\n\nThis is an Alpha Feature and is only enabled with the\n`--feature-gates=NameConstraints=true` option set on both\nthe controller and webhook components." + description: "x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate.\nMore Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10\n\nThis is an Alpha Feature and is only enabled with the\n`--feature-gates=NameConstraints=true` option set on both\nthe controller and webhook components." properties: critical: description: "if true then the name constraints are marked critical." @@ -246,37 +246,37 @@ spec: description: "Private key options. These include the key algorithm and size, the used\nencoding and the rotation policy." properties: algorithm: - description: "Algorithm is the private key algorithm of the corresponding private key\nfor this certificate.\n\n\nIf provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`.\nIf `algorithm` is specified and `size` is not provided,\nkey size of 2048 will be used for `RSA` key algorithm and\nkey size of 256 will be used for `ECDSA` key algorithm.\nkey size is ignored when using the `Ed25519` key algorithm." + description: "Algorithm is the private key algorithm of the corresponding private key\nfor this certificate.\n\nIf provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`.\nIf `algorithm` is specified and `size` is not provided,\nkey size of 2048 will be used for `RSA` key algorithm and\nkey size of 256 will be used for `ECDSA` key algorithm.\nkey size is ignored when using the `Ed25519` key algorithm." enum: - "RSA" - "ECDSA" - "Ed25519" type: "string" encoding: - description: "The private key cryptography standards (PKCS) encoding for this\ncertificate's private key to be encoded in.\n\n\nIf provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1\nand PKCS#8, respectively.\nDefaults to `PKCS1` if not specified." + description: "The private key cryptography standards (PKCS) encoding for this\ncertificate's private key to be encoded in.\n\nIf provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1\nand PKCS#8, respectively.\nDefaults to `PKCS1` if not specified." enum: - "PKCS1" - "PKCS8" type: "string" rotationPolicy: - description: "RotationPolicy controls how private keys should be regenerated when a\nre-issuance is being processed.\n\n\nIf set to `Never`, a private key will only be generated if one does not\nalready exist in the target `spec.secretName`. If one does exists but it\ndoes not have the correct algorithm or size, a warning will be raised\nto await user intervention.\nIf set to `Always`, a private key matching the specified requirements\nwill be generated whenever a re-issuance occurs.\nDefault is `Never` for backward compatibility." + description: "RotationPolicy controls how private keys should be regenerated when a\nre-issuance is being processed.\n\nIf set to `Never`, a private key will only be generated if one does not\nalready exist in the target `spec.secretName`. If one does exists but it\ndoes not have the correct algorithm or size, a warning will be raised\nto await user intervention.\nIf set to `Always`, a private key matching the specified requirements\nwill be generated whenever a re-issuance occurs.\nDefault is `Never` for backward compatibility." enum: - "Never" - "Always" type: "string" size: - description: "Size is the key bit size of the corresponding private key for this certificate.\n\n\nIf `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,\nand will default to `2048` if not specified.\nIf `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,\nand will default to `256` if not specified.\nIf `algorithm` is set to `Ed25519`, Size is ignored.\nNo other values are allowed." + description: "Size is the key bit size of the corresponding private key for this certificate.\n\nIf `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,\nand will default to `2048` if not specified.\nIf `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,\nand will default to `256` if not specified.\nIf `algorithm` is set to `Ed25519`, Size is ignored.\nNo other values are allowed." type: "integer" type: "object" renewBefore: - description: "How long before the currently issued certificate's expiry cert-manager should\nrenew the certificate. For example, if a certificate is valid for 60 minutes,\nand `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate\n50 minutes after it was issued (i.e. when there are 10 minutes remaining until\nthe certificate is no longer valid).\n\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\n\nIf unset, this defaults to 1/3 of the issued certificate's lifetime.\nMinimum accepted value is 5 minutes.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.\nCannot be set if the `renewBeforePercentage` field is set." + description: "How long before the currently issued certificate's expiry cert-manager should\nrenew the certificate. For example, if a certificate is valid for 60 minutes,\nand `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate\n50 minutes after it was issued (i.e. when there are 10 minutes remaining until\nthe certificate is no longer valid).\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\nIf unset, this defaults to 1/3 of the issued certificate's lifetime.\nMinimum accepted value is 5 minutes.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.\nCannot be set if the `renewBeforePercentage` field is set." type: "string" renewBeforePercentage: - description: "`renewBeforePercentage` is like `renewBefore`, except it is a relative percentage\nrather than an absolute duration. For example, if a certificate is valid for 60\nminutes, and `renewBeforePercentage=25`, cert-manager will begin to attempt to\nrenew the certificate 45 minutes after it was issued (i.e. when there are 15\nminutes (25%) remaining until the certificate is no longer valid).\n\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\n\nValue must be an integer in the range (0,100). The minimum effective\n`renewBefore` derived from the `renewBeforePercentage` and `duration` fields is 5\nminutes.\nCannot be set if the `renewBefore` field is set." + description: "`renewBeforePercentage` is like `renewBefore`, except it is a relative percentage\nrather than an absolute duration. For example, if a certificate is valid for 60\nminutes, and `renewBeforePercentage=25`, cert-manager will begin to attempt to\nrenew the certificate 45 minutes after it was issued (i.e. when there are 15\nminutes (25%) remaining until the certificate is no longer valid).\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\nValue must be an integer in the range (0,100). The minimum effective\n`renewBefore` derived from the `renewBeforePercentage` and `duration` fields is 5\nminutes.\nCannot be set if the `renewBefore` field is set." format: "int32" type: "integer" revisionHistoryLimit: - description: "The maximum number of CertificateRequest revisions that are maintained in\nthe Certificate's history. Each revision represents a single `CertificateRequest`\ncreated by this Certificate, either when it was created, renewed, or Spec\nwas changed. Revisions will be removed by oldest first if the number of\nrevisions exceeds this number.\n\n\nIf set, revisionHistoryLimit must be a value of `1` or greater.\nIf unset (`nil`), revisions will not be garbage collected.\nDefault value is `nil`." + description: "The maximum number of CertificateRequest revisions that are maintained in\nthe Certificate's history. Each revision represents a single `CertificateRequest`\ncreated by this Certificate, either when it was created, renewed, or Spec\nwas changed. Revisions will be removed by oldest first if the number of\nrevisions exceeds this number.\n\nIf set, revisionHistoryLimit must be a value of `1` or greater.\nIf unset (`nil`), revisions will not be garbage collected.\nDefault value is `nil`." format: "int32" type: "integer" secretName: @@ -297,7 +297,7 @@ spec: type: "object" type: "object" subject: - description: "Requested set of X509 certificate subject attributes.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\n\n\nThe common name attribute is specified separately in the `commonName` field.\nCannot be set if the `literalSubject` field is set." + description: "Requested set of X509 certificate subject attributes.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\n\nThe common name attribute is specified separately in the `commonName` field.\nCannot be set if the `literalSubject` field is set." properties: countries: description: "Countries to be used on the Certificate." @@ -344,9 +344,9 @@ spec: type: "string" type: "array" usages: - description: "Requested key usages and extended key usages.\nThese usages are used to set the `usages` field on the created CertificateRequest\nresources. If `encodeUsagesInRequest` is unset or set to `true`, the usages\nwill additionally be encoded in the `request` field which contains the CSR blob.\n\n\nIf unset, defaults to `digital signature` and `key encipherment`." + description: "Requested key usages and extended key usages.\nThese usages are used to set the `usages` field on the created CertificateRequest\nresources. If `encodeUsagesInRequest` is unset or set to `true`, the usages\nwill additionally be encoded in the `request` field which contains the CSR blob.\n\nIf unset, defaults to `digital signature` and `key encipherment`." items: - description: "KeyUsage specifies valid usage contexts for keys.\nSee:\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.3\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.12\n\n\nValid KeyUsage values are as follows:\n\"signing\",\n\"digital signature\",\n\"content commitment\",\n\"key encipherment\",\n\"key agreement\",\n\"data encipherment\",\n\"cert sign\",\n\"crl sign\",\n\"encipher only\",\n\"decipher only\",\n\"any\",\n\"server auth\",\n\"client auth\",\n\"code signing\",\n\"email protection\",\n\"s/mime\",\n\"ipsec end system\",\n\"ipsec tunnel\",\n\"ipsec user\",\n\"timestamping\",\n\"ocsp signing\",\n\"microsoft sgc\",\n\"netscape sgc\"" + description: "KeyUsage specifies valid usage contexts for keys.\nSee:\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.3\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.12\n\nValid KeyUsage values are as follows:\n\"signing\",\n\"digital signature\",\n\"content commitment\",\n\"key encipherment\",\n\"key agreement\",\n\"data encipherment\",\n\"cert sign\",\n\"crl sign\",\n\"encipher only\",\n\"decipher only\",\n\"any\",\n\"server auth\",\n\"client auth\",\n\"code signing\",\n\"email protection\",\n\"s/mime\",\n\"ipsec end system\",\n\"ipsec tunnel\",\n\"ipsec user\",\n\"timestamping\",\n\"ocsp signing\",\n\"microsoft sgc\",\n\"netscape sgc\"" enum: - "signing" - "digital signature" @@ -440,7 +440,7 @@ spec: format: "date-time" type: "string" revision: - description: "The current 'revision' of the certificate as issued.\n\n\nWhen a CertificateRequest resource is created, it will have the\n`cert-manager.io/certificate-revision` set to one greater than the\ncurrent value of this field.\n\n\nUpon issuance, this field will be set to the value of the annotation\non the CertificateRequest resource used to issue the certificate.\n\n\nPersisting the value on the CertificateRequest resource allows the\ncertificates controller to know whether a request is part of an old\nissuance or if it is part of the ongoing revision's issuance by\nchecking if the revision value in the annotation is greater than this\nfield." + description: "The current 'revision' of the certificate as issued.\n\nWhen a CertificateRequest resource is created, it will have the\n`cert-manager.io/certificate-revision` set to one greater than the\ncurrent value of this field.\n\nUpon issuance, this field will be set to the value of the annotation\non the CertificateRequest resource used to issue the certificate.\n\nPersisting the value on the CertificateRequest resource allows the\ncertificates controller to know whether a request is part of an old\nissuance or if it is part of the ongoing revision's issuance by\nchecking if the revision value in the annotation is greater than this\nfield." type: "integer" type: "object" type: "object" diff --git a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml index 6e478d557..701d701e9 100644 --- a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml +++ b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml @@ -446,40 +446,40 @@ spec: parentRefs: description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute.\ncert-manager needs to know which parentRefs should be used when creating\nthe HTTPRoute. Usually, the parentRef references a Gateway. See:\nhttps://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" - description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core" maxLength: 253 pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: - description: "Name is the name of the referent.\n\n\nSupport: Core" + description: "Name is the name of the referent.\n\nSupport: Core" maxLength: 253 minLength: 1 type: "string" namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\nSupport: Core" maxLength: 63 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" port: - description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -688,13 +688,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -793,13 +793,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -897,13 +897,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1002,13 +1002,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1069,7 +1069,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1086,7 +1086,7 @@ spec: description: "If specified, the pod's security context" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -1126,7 +1126,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1416,13 +1416,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1521,13 +1521,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1625,13 +1625,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1730,13 +1730,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1797,7 +1797,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1814,7 +1814,7 @@ spec: description: "If specified, the pod's security context" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -1854,7 +1854,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" diff --git a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml index 94016e47b..5f2c30c15 100644 --- a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml +++ b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml @@ -447,40 +447,40 @@ spec: parentRefs: description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute.\ncert-manager needs to know which parentRefs should be used when creating\nthe HTTPRoute. Usually, the parentRef references a Gateway. See:\nhttps://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" - description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core" maxLength: 253 pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" type: "string" name: - description: "Name is the name of the referent.\n\n\nSupport: Core" + description: "Name is the name of the referent.\n\nSupport: Core" maxLength: 253 minLength: 1 type: "string" namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\nSupport: Core" maxLength: 63 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" port: - description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -689,13 +689,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -794,13 +794,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -898,13 +898,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1003,13 +1003,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1070,7 +1070,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1087,7 +1087,7 @@ spec: description: "If specified, the pod's security context" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -1127,7 +1127,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1417,13 +1417,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1522,13 +1522,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1626,13 +1626,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1731,13 +1731,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1798,7 +1798,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1815,7 +1815,7 @@ spec: description: "If specified, the pod's security context" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -1855,7 +1855,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" diff --git a/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/datastores.yaml b/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/datastores.yaml index a480b37d9..1029f001c 100644 --- a/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/datastores.yaml +++ b/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/datastores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "datastores.kamaji.clastix.io" spec: group: "kamaji.clastix.io" diff --git a/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/tenantcontrolplanes.yaml b/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/tenantcontrolplanes.yaml index aa9c887d2..603f0293a 100644 --- a/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/tenantcontrolplanes.yaml +++ b/crd-catalog/clastix/kamaji/kamaji.clastix.io/v1alpha1/tenantcontrolplanes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "tenantcontrolplanes.kamaji.clastix.io" spec: group: "kamaji.clastix.io" @@ -142,13 +142,16 @@ spec: description: "Resources define the amount of CPU and memory to allocate to the Konnectivity server." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -239,7 +242,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -289,7 +292,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -316,7 +319,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -331,7 +334,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -530,7 +533,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -668,7 +672,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -768,13 +773,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -844,7 +852,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -883,7 +891,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -930,7 +938,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1061,7 +1070,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1123,7 +1132,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1173,7 +1182,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1200,7 +1209,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1215,7 +1224,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1414,7 +1423,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1552,7 +1562,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1652,13 +1663,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1728,7 +1742,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1767,7 +1781,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1814,7 +1828,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1945,7 +1960,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2000,7 +2015,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2030,7 +2045,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2060,7 +2075,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2083,7 +2098,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -2111,12 +2126,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -2162,7 +2179,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2186,7 +2203,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2226,7 +2243,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -2247,7 +2264,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2335,10 +2352,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -2447,7 +2464,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -2464,7 +2481,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -2508,7 +2525,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2529,7 +2546,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -2576,7 +2593,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -2587,6 +2604,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -2597,7 +2624,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -2606,6 +2633,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -2626,7 +2654,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2704,12 +2732,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -2785,7 +2813,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -2872,7 +2900,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -2928,12 +2956,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -2943,6 +2972,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -2953,11 +2983,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -2968,6 +2999,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -2984,7 +3016,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2992,6 +3024,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -3057,7 +3090,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3270,13 +3303,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3375,13 +3408,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3479,13 +3512,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3584,13 +3617,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3717,13 +3750,16 @@ spec: description: "ResourceRequirements describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3754,13 +3790,16 @@ spec: description: "ResourceRequirements describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3791,13 +3830,16 @@ spec: description: "Define the kine container resources.\nAvailable only if Kamaji is running using Kine as backing storage." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3828,13 +3870,16 @@ spec: description: "ResourceRequirements describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3878,7 +3923,7 @@ spec: description: "Strategy describes how to replace existing pods with new ones for the given Tenant Control Plane.\nDefault value is set to Rolling Update, with a blue/green strategy." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: @@ -3959,7 +4004,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -3969,14 +4014,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -4267,7 +4312,7 @@ spec: conditions: description: "Current service state" items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -4296,7 +4341,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -4333,7 +4378,7 @@ spec: items: properties: error: - description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -4342,10 +4387,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "Protocol is the protocol of the service port of which status is recorded here\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" @@ -4656,7 +4701,7 @@ spec: description: "IngressPortStatus represents the error condition of a service port" properties: error: - description: "error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -4665,10 +4710,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "protocol is the protocol of the ingress port.\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" @@ -4694,7 +4739,7 @@ spec: conditions: description: "Current service state" items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -4723,7 +4768,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -4760,7 +4805,7 @@ spec: items: properties: error: - description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -4769,10 +4814,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "Protocol is the protocol of the service port of which status is recorded here\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" diff --git a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml index 2e376b782..440c75786 100644 --- a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml +++ b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml @@ -3761,6 +3761,9 @@ spec: items: type: "string" type: "array" + status: + description: "Status contain the status reported by the plugin through the SetStatusInCluster interface" + type: "string" version: description: "Version is the version of the plugin loaded by the\nlatest reconciliation loop" type: "string" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseautoscalers.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseautoscalers.yaml index d9551b888..a1f2aace9 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseautoscalers.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseautoscalers.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbaseautoscalers.couchbase.com" spec: group: "couchbase.com" @@ -26,13 +26,13 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "CouchbaseAutoscaler provides an interface for the Kubernetes Horizontal Pod Autoscaler to interactive with the Couchbase cluster and provide autoscaling. This resource is not defined by the end user, and is managed by the Operator." + description: "CouchbaseAutoscaler provides an interface for the Kubernetes Horizontal Pod Autoscaler\nto interact with the Couchbase cluster and provide autoscaling. This resource is\nnot defined by the end user, and is managed by the Operator." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -52,10 +52,10 @@ spec: - "size" type: "object" status: - description: "CouchbaseAutoscalerStatus provides information to the HPA to assist with scaling server groups." + description: "CouchbaseAutoscalerStatus provides information to the HPA to assist with scaling\nserver groups." properties: labelSelector: - description: "LabelSelector allows the HPA to select resources to monitor for resource utilization in order to trigger scaling." + description: "LabelSelector allows the HPA to select resources to monitor for resource\nutilization in order to trigger scaling." type: "string" size: description: "Size is the current size of the server group." diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackuprestores.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackuprestores.yaml index b4b3a3c16..74d5b175d 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackuprestores.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackuprestores.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasebackuprestores.couchbase.com" spec: group: "couchbase.com" @@ -38,18 +38,18 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "CouchbaseBackupRestore allows the restoration of all Couchbase cluster data from a CouchbaseBackup resource." + description: "CouchbaseBackupRestore allows the restoration of all Couchbase cluster data from\na CouchbaseBackup resource." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "CouchbaseBackupRestoreSpec allows the specification of data restoration to be configured. This includes the backup and repository to restore data from, and the time range of data to be restored." + description: "CouchbaseBackupRestoreSpec allows the specification of data restoration to be\nconfigured. This includes the backup and repository to restore data from, and\nthe time range of data to be restored." properties: backoffLimit: default: 2 @@ -57,19 +57,19 @@ spec: format: "int32" type: "integer" backup: - description: "The backup resource name associated with this restore, or the backup PVC name to restore from." + description: "The backup resource name associated with this restore, or the backup PVC\nname to restore from." type: "string" buckets: - description: "DEPRECATED - by spec.data. Specific buckets can be explicitly included or excluded in the restore, as well as bucket mappings. This field is now ignored." + description: "DEPRECATED - by spec.data.\nSpecific buckets can be explicitly included or excluded in the restore,\nas well as bucket mappings. This field is now ignored." type: "object" x-kubernetes-preserve-unknown-fields: true data: - description: "Data allows control over what key-value/document data is included in the restore. By default, all data is included." + description: "Data allows control over what key-value/document data is included in the\nrestore. By default, all data is included." properties: exclude: - description: "Exclude defines the buckets, scopes or collections that are excluded from the backup. When this field is set, it implies that by default everything will be backed up, and data items can be explicitly excluded. You may define an exclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Excluded data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as included items." + description: "Exclude defines the buckets, scopes or collections that are excluded from the backup.\nWhen this field is set, it implies that by default everything will be backed up,\nand data items can be explicitly excluded. You may define an exclusion as a bucket\n-- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`.\nBuckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as\nperiod is the separator used to delimit scopes and collections. Excluded data cannot overlap\ne.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot\nbe used at the same time as included items." items: - description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. The _default scope and collection are valid for this type. As these names are period separated, and buckets can contain periods, the latter need to be escaped. This specification is based on cbbackupmgr." + description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection.\nThe _default scope and collection are valid for this type.\nAs these names are period separated, and buckets can contain periods, the latter need\nto be escaped. This specification is based on cbbackupmgr." pattern: "^(?:[a-zA-Z0-9\\-_%]|\\\\.){1,100}(\\._default(\\._default)?|\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29}(\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29})?)?$" type: "string" minItems: 1 @@ -82,25 +82,25 @@ spec: description: "FilterValues only restores documents whose values match the provided regular expression." type: "string" include: - description: "Include defines the buckets, scopes or collections that are included in the restore. When this field is set, it implies that by default nothing will be restored, and data items must be explicitly included. You may define an inclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Included data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as excluded items." + description: "Include defines the buckets, scopes or collections that are included in the restore.\nWhen this field is set, it implies that by default nothing will be restored,\nand data items must be explicitly included. You may define an inclusion as a bucket\n-- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`.\nBuckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as\nperiod is the separator used to delimit scopes and collections. Included data cannot overlap\ne.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot\nbe used at the same time as excluded items." items: - description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. The _default scope and collection are valid for this type. As these names are period separated, and buckets can contain periods, the latter need to be escaped. This specification is based on cbbackupmgr." + description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection.\nThe _default scope and collection are valid for this type.\nAs these names are period separated, and buckets can contain periods, the latter need\nto be escaped. This specification is based on cbbackupmgr." pattern: "^(?:[a-zA-Z0-9\\-_%]|\\\\.){1,100}(\\._default(\\._default)?|\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29}(\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29})?)?$" type: "string" minItems: 1 type: "array" x-kubernetes-list-type: "set" map: - description: "Map allows data items in the restore to be remapped to a different named container. Buckets can be remapped to other buckets e.g. \"source=target\", scopes and collections can be remapped to other scopes and collections within the same bucket only e.g. \"bucket.scope=bucket.other\" or \"bucket.scope.collection=bucket.scope.other\". Map sources may only be specified once, and may not overlap." + description: "Map allows data items in the restore to be remapped to a different named container.\nBuckets can be remapped to other buckets e.g. \"source=target\", scopes and collections\ncan be remapped to other scopes and collections within the same bucket only e.g.\n\"bucket.scope=bucket.other\" or \"bucket.scope.collection=bucket.scope.other\". Map\nsources may only be specified once, and may not overlap." items: description: "RestoreMapping allows data to be migrated on restore." properties: source: - description: "Source defines the data source of the mapping, this may be either a bucket, scope or collection." + description: "Source defines the data source of the mapping, this may be either\na bucket, scope or collection." pattern: "^(?:[a-zA-Z0-9\\-_%]|\\\\.){1,100}(\\._default(\\._default)?|\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29}(\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29})?)?$" type: "string" target: - description: "Target defines the data target of the mapping, this may be either a bucket, scope or collection, and must refer to the same type as the restore source." + description: "Target defines the data target of the mapping, this may be either\na bucket, scope or collection, and must refer to the same type\nas the restore source." pattern: "^(?:[a-zA-Z0-9\\-_%]|\\\\.){1,100}(\\._default(\\._default)?|\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29}(\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29})?)?$" type: "string" required: @@ -113,7 +113,7 @@ spec: x-kubernetes-list-type: "map" type: "object" end: - description: "End denotes the last backup to restore from. Omitting this field will only restore the backup referenced by start. This may be specified as an integer index (starting from 1), a string specifying a short date DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords." + description: "End denotes the last backup to restore from. Omitting this field will only\nrestore the backup referenced by start. This may be specified as\nan integer index (starting from 1), a string specifying a short date\nDD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords." properties: int: description: "Int references a relative backup by index." @@ -124,44 +124,48 @@ spec: type: "string" type: "object" forceUpdates: - description: "Forces data in the Couchbase cluster to be overwritten even if the data in the cluster is newer than the restore" + description: "Forces data in the Couchbase cluster to be overwritten even if the data in the cluster is newer.\nBy default, the system does not force updates,\nand all updates use Couchbase's conflict resolution mechanism to ensure\nthat if newer data exists on the cluster,\nolder restored data does not overwrite it.\nHowever, if `couchbasebackuprestores.spec.forceUpdates` is true,\nthen the backup record will _always_ overwrite the cluster record,\nregardless of Couchbase's conflict resolution." type: "boolean" logRetention: default: "168h" - description: "Number of hours to hold restore script logs for, everything older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration" + description: "Number of hours to hold restore script logs for, everything older will be deleted.\nMore info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" objectStore: description: "The remote destination for backup." properties: endpoint: - description: "Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. If set will override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores" + description: "Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store.\nIf set will override `CouchbaseCluster.spec.backup.objectEndpoint`\nSee https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores" properties: secret: - description: "The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name \"tls.crt\"" + description: "The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint\nThe secret must have the key with the name \"tls.crt\"" type: "string" url: description: "The host/address of the custom object endpoint." type: "string" useVirtualPath: - description: "UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores." + description: "UseVirtualPath will force the AWS SDK to use the new virtual style paths\nwhich are often required by S3 compatible object stores." type: "boolean" type: "object" secret: - description: "ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2" + description: "ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token.\nThese correspond to the fields used by cbbackupmgr\nhttps://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2" type: "string" uri: - description: "URI is a reference to a remote object store. This is the prefix of the object store and the bucket name. i.e s3://bucket, az://bucket or gs://bucket." + description: "URI is a reference to a remote object store.\nThis is the prefix of the object store and the bucket name.\ni.e s3://bucket, az://bucket or gs://bucket." pattern: "^(az|s3|gs)://.{3,}$" type: "string" useIAM: - description: "Whether to allow the backup SDK to attempt to authenticate using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`." + description: "Whether to allow the backup SDK to attempt to authenticate\nusing the instance metadata api.\nIf set, will override `CouchbaseCluster.spec.backup.useIAM`." type: "boolean" type: "object" + overwriteUsers: + default: false + description: "Overwrites the already existing users in the cluster when user restoration is enabled (spec.services.users).\nThe default behavior of backup/restore of users is to skip already existing users.\nThis is only available for Couchbase Server 7.6 and later.\nThis field defaults to `false`." + type: "boolean" repo: - description: "Repo is the backup folder to restore from. If no repository is specified, the backup container will choose the latest." + description: "Repo is the backup folder to restore from. If no repository is specified,\nthe backup container will choose the latest." type: "string" s3bucket: - description: "DEPRECATED - by spec.objectStore.uri Name of S3 bucket to restore from. If non-empty this overrides local backup." + description: "DEPRECATED - by spec.objectStore.uri\nName of S3 bucket to restore from. If non-empty this overrides local backup." pattern: "^s3://[a-z0-9-\\.\\/]{3,63}$" type: "string" services: @@ -170,42 +174,46 @@ spec: properties: analytics: default: true - description: "Analytics restores analytics datasets from the backup. This field defaults to true." + description: "Analytics restores analytics datasets from the backup. This field\ndefaults to true." type: "boolean" bucketConfig: - description: "BucketConfig restores all bucket configuration settings. If you are restoring to cluster with managed buckets, then this option may conflict with existing bucket settings, and the results are undefined, so avoid use. This option is intended for use with unmanaged buckets. Note that bucket durability settings are not restored in versions less than and equal to 1.1.0, and will need to be manually applied. This field defaults to false." + description: "BucketConfig restores all bucket configuration settings.\nIf you are restoring to cluster with managed buckets, then this\noption may conflict with existing bucket settings, and the results\nare undefined, so avoid use. This option is intended for use\nwith unmanaged buckets. Note that bucket durability settings are\nnot restored in versions less than and equal to 1.1.0, and will\nneed to be manually applied. This field defaults to false." type: "boolean" bucketQuery: default: true - description: "BucketQuery enables the backup of query metadata for all buckets. This field defaults to `true`." + description: "BucketQuery enables the backup of query metadata for all buckets.\nThis field defaults to `true`." type: "boolean" clusterAnalytics: default: true - description: "ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. This field defaults to `true`." + description: "ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms.\nThis field defaults to `true`." type: "boolean" clusterQuery: default: true - description: "ClusterQuery enables the backup of cluster level query metadata. This field defaults to `true`." + description: "ClusterQuery enables the backup of cluster level query metadata.\nThis field defaults to `true`." type: "boolean" data: default: true - description: "Data restores document data from the backup. This field defaults to true." + description: "Data restores document data from the backup. This field defaults\nto true." type: "boolean" eventing: default: true - description: "Eventing restores eventing functions from the backup. This field defaults to true." + description: "Eventing restores eventing functions from the backup. This field\ndefaults to true." type: "boolean" ftAlias: default: true - description: "FTAlias restores full-text search aliases from the backup. This field defaults to true." + description: "FTAlias restores full-text search aliases from the backup. This\nfield defaults to true." type: "boolean" ftIndex: default: true - description: "FTIndex restores full-text search indexes from the backup. This field defaults to true." + description: "FTIndex restores full-text search indexes from the backup. This\nfield defaults to true." type: "boolean" gsiIndex: default: true - description: "GSIIndex restores document indexes from the backup. This field defaults to true." + description: "GSIIndex restores document indexes from the backup. This field\ndefaults to true." + type: "boolean" + users: + default: false + description: "Users restores cluster level users, including their roles and permissions. This is\nonly available for Couchbase Server 7.6 and later. This field defaults to `false`." type: "boolean" views: default: true @@ -215,14 +223,14 @@ spec: stagingVolume: default: size: "20Gi" - description: "StagingVolume contains configuration related to the ephemeral volume used as staging when restoring from a cloud backup." + description: "StagingVolume contains configuration related to the\nephemeral volume used as staging when restoring from a cloud backup." properties: size: anyOf: - type: "integer" - type: "string" default: "20Gi" - description: "Size allows the specification of a staging volume. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes The ephemeral volume will only be used when restoring from a cloud provider, if the backup job was created using ephemeral storage. Otherwise the restore job will share a staging volume with the backup job." + description: "Size allows the specification of a staging volume. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes\nThe ephemeral volume will only be used when restoring from a cloud provider,\nif the backup job was created using ephemeral storage.\nOtherwise the restore job will share a staging volume with the backup job." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -231,7 +239,7 @@ spec: type: "string" type: "object" start: - description: "Start denotes the first backup to restore from. This may be specified as an integer index (starting from 1), a string specifying a short date DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords." + description: "Start denotes the first backup to restore from. This may be specified as\nan integer index (starting from 1), a string specifying a short date\nDD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords." properties: int: description: "Int references a relative backup by index." @@ -251,17 +259,15 @@ spec: format: "int32" minimum: 0.0 type: "integer" - required: - - "backup" type: "object" status: - description: "CouchbaseBackupRestoreStatus provides status indications of a restore from backup. This includes whether or not the restore is running, whether the restore succeed or not, and the duration the restore took." + description: "CouchbaseBackupRestoreStatus provides status indications of a restore from\nbackup. This includes whether or not the restore is running, whether the\nrestore succeed or not, and the duration the restore took." properties: archive: description: "Location of Backup Archive." type: "string" backups: - description: "Backups gives us a full list of all backups and their respective repository locations." + description: "Backups gives us a full list of all backups\nand their respective repository locations." items: properties: full: @@ -280,13 +286,13 @@ spec: type: "object" type: "array" duration: - description: "Duration tells us how long the last restore took. More info: https://golang.org/pkg/time/#ParseDuration" + description: "Duration tells us how long the last restore took. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" failed: description: "Failed indicates whether the most recent restore has failed." type: "boolean" job: - description: "DEPRECATED - field may no longer be populated. Job tells us which job is running/ran last." + description: "DEPRECATED - field may no longer be populated.\nJob tells us which job is running/ran last." type: "string" lastFailure: description: "LastFailure tells us the time the last failed restore failed." @@ -301,10 +307,10 @@ spec: format: "date-time" type: "string" output: - description: "DEPRECATED - field may no longer be populated. Output reports useful information from the backup process." + description: "DEPRECATED - field may no longer be populated.\nOutput reports useful information from the backup process." type: "string" pod: - description: "DEPRECATED - field may no longer be populated. Pod tells us which pod is running/ran last." + description: "DEPRECATED - field may no longer be populated.\nPod tells us which pod is running/ran last." type: "string" repo: description: "Repo is where we are currently performing operations." diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackups.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackups.yaml index b48ac852b..8f8125ce3 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackups.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebackups.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasebackups.couchbase.com" spec: group: "couchbase.com" @@ -41,67 +41,67 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "CouchbaseBackup allows automatic backup of all data from a Couchbase cluster into persistent storage." + description: "CouchbaseBackup allows automatic backup of all data from a Couchbase cluster\ninto persistent storage." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "CouchbaseBackupSpec is allows the specification of how a Couchbase backup is configured, including when backups are performed, how long they are retained for, and where they are backed up to." + description: "CouchbaseBackupSpec is allows the specification of how a Couchbase backup is\nconfigured, including when backups are performed, how long they are retained\nfor, and where they are backed up to." properties: autoScaling: - description: "AutoScaling allows the volume size to be dynamically increased. When specified, the backup volume will start with an initial size as defined by `spec.size`, and increase as required." + description: "AutoScaling allows the volume size to be dynamically increased.\nWhen specified, the backup volume will start with an initial size\nas defined by `spec.size`, and increase as required." properties: incrementPercent: default: 20 - description: "IncrementPercent controls how much the volume is increased each time the threshold is exceeded, upto a maximum as defined by the limit. This field defaults to 20 if not specified." + description: "IncrementPercent controls how much the volume is increased each time the\nthreshold is exceeded, upto a maximum as defined by the limit.\nThis field defaults to 20 if not specified." minimum: 0.0 type: "integer" limit: anyOf: - type: "integer" - type: "string" - description: "Limit imposes a hard limit on the size we can autoscale to. When not specified no bounds are imposed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "Limit imposes a hard limit on the size we can autoscale to. When not\nspecified no bounds are imposed. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true thresholdPercent: default: 20 - description: "ThresholdPercent determines the point at which a volume is autoscaled. This represents the percentage of free space remaining on the volume, when less than this threshold, it will trigger a volume expansion. For example, if the volume is 100Gi, and the threshold 20%, then a resize will be triggered when the used capacity exceeds 80Gi, and free space is less than 20Gi. This field defaults to 20 if not specified." + description: "ThresholdPercent determines the point at which a volume is autoscaled.\nThis represents the percentage of free space remaining on the volume,\nwhen less than this threshold, it will trigger a volume expansion.\nFor example, if the volume is 100Gi, and the threshold 20%, then a resize\nwill be triggered when the used capacity exceeds 80Gi, and free space is\nless than 20Gi. This field defaults to 20 if not specified." maximum: 99.0 minimum: 0.0 type: "integer" type: "object" backoffLimit: default: 2 - description: "Number of times a backup job should try to execute. Once it hits the BackoffLimit it will not run until the next scheduled job." + description: "Number of times a backup job should try to execute.\nOnce it hits the BackoffLimit it will not run until the next scheduled job." format: "int32" type: "integer" backupRetention: default: "720h" - description: "Number of hours to hold backups for, everything older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration" + description: "Number of hours to hold backups for, everything older will be deleted. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" data: - description: "Data allows control over what key-value/document data is included in the backup. By default, all data is included. Modifications to this field will only take effect on the next full backup." + description: "Data allows control over what key-value/document data is included in the\nbackup. By default, all data is included. Modifications\nto this field will only take effect on the next full backup." properties: exclude: - description: "Exclude defines the buckets, scopes or collections that are excluded from the backup. When this field is set, it implies that by default everything will be backed up, and data items can be explicitly excluded. You may define an exclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Excluded data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as included items." + description: "Exclude defines the buckets, scopes or collections that are excluded from the backup.\nWhen this field is set, it implies that by default everything will be backed up,\nand data items can be explicitly excluded. You may define an exclusion as a bucket\n-- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`.\nBuckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as\nperiod is the separator used to delimit scopes and collections. Excluded data cannot overlap\ne.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot\nbe used at the same time as included items." items: - description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. The _default scope and collection are valid for this type. As these names are period separated, and buckets can contain periods, the latter need to be escaped. This specification is based on cbbackupmgr." + description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection.\nThe _default scope and collection are valid for this type.\nAs these names are period separated, and buckets can contain periods, the latter need\nto be escaped. This specification is based on cbbackupmgr." pattern: "^(?:[a-zA-Z0-9\\-_%]|\\\\.){1,100}(\\._default(\\._default)?|\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29}(\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29})?)?$" type: "string" minItems: 1 type: "array" x-kubernetes-list-type: "set" include: - description: "Include defines the buckets, scopes or collections that are included in the backup. When this field is set, it implies that by default nothing will be backed up, and data items must be explicitly included. You may define an inclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Included data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as excluded items." + description: "Include defines the buckets, scopes or collections that are included in the backup.\nWhen this field is set, it implies that by default nothing will be backed up,\nand data items must be explicitly included. You may define an inclusion as a bucket\n-- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`.\nBuckets may contain periods, and therefore must be escaped -- `my\\.bucket.my-scope`, as\nperiod is the separator used to delimit scopes and collections. Included data cannot overlap\ne.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot\nbe used at the same time as excluded items." items: - description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. The _default scope and collection are valid for this type. As these names are period separated, and buckets can contain periods, the latter need to be escaped. This specification is based on cbbackupmgr." + description: "BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection.\nThe _default scope and collection are valid for this type.\nAs these names are period separated, and buckets can contain periods, the latter need\nto be escaped. This specification is based on cbbackupmgr." pattern: "^(?:[a-zA-Z0-9\\-_%]|\\\\.){1,100}(\\._default(\\._default)?|\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29}(\\.[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,29})?)?$" type: "string" minItems: 1 @@ -110,7 +110,7 @@ spec: type: "object" defaultRecoveryMethod: default: "none" - description: "DefaultRecoveryMethod specifies how cbbackupmgr should recover from broken backup/restore attempts." + description: "DefaultRecoveryMethod specifies how cbbackupmgr should\nrecover from broken backup/restore attempts." enum: - "none" - "resume" @@ -118,7 +118,7 @@ spec: type: "string" ephemeralVolume: default: false - description: "EphemeralVolume sets backup to use an ephemeral volume instead of a persistent volume. This is used when backing up to a remote cloud provider, where a persistent volume is not needed." + description: "EphemeralVolume sets backup to use an ephemeral volume instead\nof a persistent volume. This is used when backing up to a remote\ncloud provider, where a persistent volume is not needed." type: "boolean" failedJobsHistoryLimit: default: 3 @@ -127,7 +127,7 @@ spec: minimum: 0.0 type: "integer" full: - description: "Full is the schedule on when to take full backups. Used in Full/Incremental and FullOnly backup strategies." + description: "Full is the schedule on when to take full backups.\nUsed in Full/Incremental and FullOnly backup strategies." properties: schedule: description: "Schedule takes a cron schedule in string format." @@ -136,7 +136,7 @@ spec: - "schedule" type: "object" incremental: - description: "Incremental is the schedule on when to take incremental backups. Used in Full/Incremental backup strategies." + description: "Incremental is the schedule on when to take incremental backups.\nUsed in Full/Incremental backup strategies." properties: schedule: description: "Schedule takes a cron schedule in string format." @@ -146,86 +146,90 @@ spec: type: "object" logRetention: default: "168h" - description: "Number of hours to hold script logs for, everything older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration" + description: "Number of hours to hold script logs for, everything older will be deleted. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" objectStore: description: "ObjectStore allows for backing up to a remote cloud storage." properties: endpoint: - description: "Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. If set will override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores" + description: "Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store.\nIf set will override `CouchbaseCluster.spec.backup.objectEndpoint`\nSee https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores" properties: secret: - description: "The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name \"tls.crt\"" + description: "The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint\nThe secret must have the key with the name \"tls.crt\"" type: "string" url: description: "The host/address of the custom object endpoint." type: "string" useVirtualPath: - description: "UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores." + description: "UseVirtualPath will force the AWS SDK to use the new virtual style paths\nwhich are often required by S3 compatible object stores." type: "boolean" type: "object" secret: - description: "ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2" + description: "ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token.\nThese correspond to the fields used by cbbackupmgr\nhttps://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2" type: "string" uri: - description: "URI is a reference to a remote object store. This is the prefix of the object store and the bucket name. i.e s3://bucket, az://bucket or gs://bucket." + description: "URI is a reference to a remote object store.\nThis is the prefix of the object store and the bucket name.\ni.e s3://bucket, az://bucket or gs://bucket." pattern: "^(az|s3|gs)://.{3,}$" type: "string" useIAM: - description: "Whether to allow the backup SDK to attempt to authenticate using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`." + description: "Whether to allow the backup SDK to attempt to authenticate\nusing the instance metadata api.\nIf set, will override `CouchbaseCluster.spec.backup.useIAM`." type: "boolean" type: "object" s3bucket: - description: "DEPRECATED - by spec.objectStore.uri Name of S3 bucket to backup to. If non-empty this overrides local backup." + description: "DEPRECATED - by spec.objectStore.uri\nName of S3 bucket to backup to. If non-empty this overrides local backup." pattern: "^s3://[a-z0-9-\\.\\/]{3,63}$" type: "string" services: default: {} - description: "Services allows control over what services are included in the backup. By default, all service data and metadata are included. Modifications to this field will only take effect on the next full backup." + description: "Services allows control over what services are included in the backup.\nBy default, all service data and metadata are included apart from users.\nModifications to this field will only take effect on the next full backup." properties: analytics: default: true - description: "Analytics enables the backup of analytics data. This field defaults to `true`." + description: "Analytics enables the backup of analytics data.\nThis field defaults to `true`." type: "boolean" bucketConfig: default: true - description: "BucketConfig enables the backup of bucket configuration. This field defaults to `true`." + description: "BucketConfig enables the backup of bucket configuration.\nThis field defaults to `true`." type: "boolean" bucketQuery: default: true - description: "BucketQuery enables the backup of query metadata for all buckets. This field defaults to `true`." + description: "BucketQuery enables the backup of query metadata for all buckets.\nThis field defaults to `true`." type: "boolean" clusterAnalytics: default: true - description: "ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. This field defaults to `true`." + description: "ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms.\nThis field defaults to `true`." type: "boolean" clusterQuery: default: true - description: "ClusterQuery enables the backup of cluster level query metadata. This field defaults to `true`." + description: "ClusterQuery enables the backup of cluster level query metadata.\nThis field defaults to `true`." type: "boolean" data: default: true - description: "Data enables the backup of key-value data/documents for all buckets. This can be further refined with the couchbasebackups.spec.data configuration. This field defaults to `true`." + description: "Data enables the backup of key-value data/documents for all buckets.\nThis can be further refined with the couchbasebackups.spec.data configuration.\nThis field defaults to `true`." type: "boolean" eventing: default: true - description: "Eventing enables the backup of eventing service metadata. This field defaults to `true`." + description: "Eventing enables the backup of eventing service metadata.\nThis field defaults to `true`." type: "boolean" ftsAliases: default: true - description: "FTSAliases enables the backup of full-text search alias definitions. This field defaults to `true`." + description: "FTSAliases enables the backup of full-text search alias definitions.\nThis field defaults to `true`." type: "boolean" ftsIndexes: default: true - description: "FTSIndexes enables the backup of full-text search index definitions for all buckets. This field defaults to `true`." + description: "FTSIndexes enables the backup of full-text search index definitions for all buckets.\nThis field defaults to `true`." type: "boolean" gsIndexes: default: true - description: "GSIndexes enables the backup of global secondary index definitions for all buckets. This field defaults to `true`." + description: "GSIndexes enables the backup of global secondary index definitions for all buckets.\nThis field defaults to `true`." + type: "boolean" + users: + default: false + description: "Users enables the backup of users including their roles and permissions. This is\nonly available for Couchbase Server 7.6 and later. This field defaults to `false`." type: "boolean" views: default: true - description: "Views enables the backup of view definitions for all buckets. This field defaults to `true`." + description: "Views enables the backup of view definitions for all buckets.\nThis field defaults to `true`." type: "boolean" type: "object" size: @@ -233,7 +237,7 @@ spec: - type: "integer" - type: "string" default: "20Gi" - description: "Size allows the specification of a backup persistent volume, when using volume based backup. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "Size allows the specification of a backup persistent volume, when using\nvolume based backup. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -242,10 +246,12 @@ spec: type: "string" strategy: default: "full_incremental" - description: "Strategy defines how to perform backups. `full_only` will only perform full backups, and you must define a schedule in the `spec.full` field. `full_incremental` will perform periodic full backups, and incremental backups in between. You must define full and incremental schedules in the `spec.full` and `spec.incremental` fields respectively. Care should be taken to ensure full and incremental schedules do not overlap, taking into account the backup time, as this will cause failures as the jobs attempt to mount the same backup volume. This field default to `full_incremental`. Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html" + description: "Strategy defines how to perform backups. `full_only` will only perform full\nbackups, and you must define a schedule in the `spec.full` field. `full_incremental`\nwill perform periodic full backups, and incremental backups in between. You must\ndefine full and incremental schedules in the `spec.full` and `spec.incremental` fields\nrespectively. Care should be taken to ensure full and incremental schedules do not\noverlap, taking into account the backup time, as this will cause failures as the jobs\nattempt to mount the same backup volume. To cause a backup to occur immediately use `immediate_incremental`\nor `immediate_full` for incremental or full backups respectively.\nThis field default to `full_incremental`.\nInfo: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html" enum: - "full_incremental" - "full_only" + - "immediate_incremental" + - "immediate_full" type: "string" successfulJobsHistoryLimit: default: 3 @@ -265,13 +271,13 @@ spec: type: "integer" type: "object" status: - description: "CouchbaseBackupStatus provides status notifications about the Couchbase backup including when the last backup occurred, whether is succeeded or not, the run time of the backup and the size of the backup." + description: "CouchbaseBackupStatus provides status notifications about the Couchbase backup\nincluding when the last backup occurred, whether is succeeded or not, the run\ntime of the backup and the size of the backup." properties: archive: description: "Location of Backup Archive." type: "string" backups: - description: "Backups gives us a full list of all backups and their respective repository locations." + description: "Backups gives us a full list of all backups\nand their respective repository locations." items: properties: full: @@ -293,21 +299,21 @@ spec: anyOf: - type: "integer" - type: "string" - description: "CapacityUsed tells us how much of the PVC we are using. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "CapacityUsed tells us how much of the PVC we are using. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true cronjob: - description: "DEPRECATED - field may no longer be populated. Cronjob tells us which Cronjob the job belongs to." + description: "DEPRECATED - field may no longer be populated.\nCronjob tells us which Cronjob the job belongs to." type: "string" duration: - description: "Duration tells us how long the last backup took. More info: https://golang.org/pkg/time/#ParseDuration" + description: "Duration tells us how long the last backup took. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" failed: description: "Failed indicates whether the most recent backup has failed." type: "boolean" job: - description: "DEPRECATED - field may no longer be populated. Job tells us which job is running/ran last." + description: "DEPRECATED - field may no longer be populated.\nJob tells us which job is running/ran last." type: "string" lastFailure: description: "LastFailure tells us the time the last failed backup failed." @@ -322,10 +328,10 @@ spec: format: "date-time" type: "string" output: - description: "DEPRECATED - field may no longer be populated. Output reports useful information from the backup_script." + description: "DEPRECATED - field may no longer be populated.\nOutput reports useful information from the backup_script." type: "string" pod: - description: "DEPRECATED - field may no longer be populated. Pod tells us which pod is running/ran last." + description: "DEPRECATED - field may no longer be populated.\nPod tells us which pod is running/ran last." type: "string" repo: description: "Repo is where we are currently performing operations." diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebuckets.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebuckets.yaml index d004e2241..bb4e0b29b 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebuckets.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasebuckets.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasebuckets.couchbase.com" spec: group: "couchbase.com" @@ -36,23 +36,23 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "The CouchbaseBucket resource defines a set of documents in Couchbase server. A Couchbase client connects to and operates on a bucket, which provides independent management of a set documents and a security boundary for role based access control. A CouchbaseBucket provides replication and persistence for documents contained by it." + description: "The CouchbaseBucket resource defines a set of documents in Couchbase server.\nA Couchbase client connects to and operates on a bucket, which provides independent\nmanagement of a set documents and a security boundary for role based access control.\nA CouchbaseBucket provides replication and persistence for documents contained by it." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: default: {} - description: "CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized." + description: "CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and\nallows the bucket to be customized." properties: compressionMode: default: "passive" - description: "CompressionMode defines how Couchbase server handles document compression. When off, documents are stored in memory, and transferred to the client uncompressed. When passive, documents are stored compressed in memory, and transferred to the client compressed when requested. When active, documents are stored compresses in memory and when transferred to the client. This field must be \"off\", \"passive\" or \"active\", defaulting to \"passive\". Be aware \"off\" in YAML 1.2 is a boolean, so must be quoted as a string in configuration files." + description: "CompressionMode defines how Couchbase server handles document compression. When\noff, documents are stored in memory, and transferred to the client uncompressed.\nWhen passive, documents are stored compressed in memory, and transferred to the\nclient compressed when requested. When active, documents are stored compresses\nin memory and when transferred to the client. This field must be \"off\", \"passive\"\nor \"active\", defaulting to \"passive\". Be aware \"off\" in YAML 1.2 is a boolean, so\nmust be quoted as a string in configuration files." enum: - "off" - "passive" @@ -60,45 +60,45 @@ spec: type: "string" conflictResolution: default: "seqno" - description: "ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number based resolution selects the document with the highest sequence number as the most recent. Timestamp based resolution selects the document that was written to most recently as the most recent. This field must be \"seqno\" (sequence based), or \"lww\" (timestamp based), defaulting to \"seqno\"." + description: "ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number\nbased resolution selects the document with the highest sequence number as the most recent.\nTimestamp based resolution selects the document that was written to most recently as the\nmost recent. This field must be \"seqno\" (sequence based), or \"lww\" (timestamp based),\ndefaulting to \"seqno\"." enum: - "seqno" - "lww" type: "string" enableFlush: - description: "EnableFlush defines whether a client can delete all documents in a bucket. This field defaults to false." + description: "EnableFlush defines whether a client can delete all documents in a bucket.\nThis field defaults to false." type: "boolean" enableIndexReplica: - description: "EnableIndexReplica defines whether indexes for this bucket are replicated. This field defaults to false." + description: "EnableIndexReplica defines whether indexes for this bucket are replicated.\nThis field defaults to false." type: "boolean" evictionPolicy: default: "valueOnly" - description: "EvictionPolicy controls how Couchbase handles memory exhaustion. Value only eviction flushes documents to disk but maintains document metadata in memory in order to improve query performance. Full eviction removes all data from memory after the document is flushed to disk. This field must be \"valueOnly\" or \"fullEviction\", defaulting to \"valueOnly\"." + description: "EvictionPolicy controls how Couchbase handles memory exhaustion. Value only eviction\nflushes documents to disk but maintains document metadata in memory in order to improve\nquery performance. Full eviction removes all data from memory after the document is\nflushed to disk. This field must be \"valueOnly\" or \"fullEviction\", defaulting to\n\"valueOnly\"." enum: - "valueOnly" - "fullEviction" type: "string" ioPriority: default: "low" - description: "IOPriority controls how many threads a bucket has, per pod, to process reads and writes. This field must be \"low\" or \"high\", defaulting to \"low\". Modification of this field will cause a temporary service disruption as threads are restarted." + description: "IOPriority controls how many threads a bucket has, per pod, to process reads and writes.\nThis field must be \"low\" or \"high\", defaulting to \"low\". Modification of this field will\ncause a temporary service disruption as threads are restarted." enum: - "low" - "high" type: "string" maxTTL: - description: "MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This is a default and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration" + description: "MaxTTL defines how long a document is permitted to exist for, without\nmodification, until it is automatically deleted. This is a default and maximum\ntime-to-live and may be set to a lower value by the client. If the client specifies\na higher value, then it is truncated to the maximum durability. Documents are\nremoved by Couchbase, after they have expired, when either accessed, the expiry\npager is run, or the bucket is compacted. When set to 0, then documents are not\nexpired by default. This field must be a duration in the range 0-2147483648s,\ndefaulting to 0. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" memoryQuota: anyOf: - type: "integer" - type: "string" default: "100Mi" - description: "MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, documents will be evicted from memory to disk as defined by the eviction policy. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded,\ndocuments will be evicted from memory to disk as defined by the eviction policy. The\nmemory quota is defined per Couchbase pod running the data service. This field defaults\nto, and must be greater than or equal to 100Mi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true minimumDurability: - description: "MiniumumDurability defines how durable a document write is by default, and can be made more durable by the client. This feature enables ACID transactions. When none, Couchbase server will respond when the document is in memory, it will become eventually consistent across the cluster. When majority, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster. When majorityAndPersistActive, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster and the document has been persisted to disk on the document master pod. When persistToMajority, Couchbase server will respond when the document is replicated and persisted to disk on at least half of the pods running the data service in the cluster. This field must be either \"none\", \"majority\", \"majorityAndPersistActive\" or \"persistToMajority\", defaulting to \"none\"." + description: "MiniumumDurability defines how durable a document write is by default, and can\nbe made more durable by the client. This feature enables ACID transactions.\nWhen none, Couchbase server will respond when the document is in memory, it will\nbecome eventually consistent across the cluster. When majority, Couchbase server will\nrespond when the document is replicated to at least half of the pods running the\ndata service in the cluster. When majorityAndPersistActive, Couchbase server will\nrespond when the document is replicated to at least half of the pods running the\ndata service in the cluster and the document has been persisted to disk on the\ndocument master pod. When persistToMajority, Couchbase server will respond when\nthe document is replicated and persisted to disk on at least half of the pods running\nthe data service in the cluster. This field must be either \"none\", \"majority\",\n\"majorityAndPersistActive\" or \"persistToMajority\", defaulting to \"none\"." enum: - "none" - "majority" @@ -106,35 +106,41 @@ spec: - "persistToMajority" type: "string" name: - description: "Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. Legal bucket names have a maximum length of 100 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." + description: "Name is the name of the bucket within Couchbase server. By default the Operator\nwill use the `metadata.name` field to define the bucket name. The `metadata.name`\nfield only supports a subset of the supported character set. When specified, this\nfield overrides `metadata.name`. Legal bucket names have a maximum length of 100\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." maxLength: 100 pattern: "^[a-zA-Z0-9-_%\\.]{1,100}$" type: "string" + rank: + default: 0 + description: "Rank determines the bucket’s place in the order in which the rebalance process\nhandles the buckets on the cluster. The higher a bucket’s assigned integer\n(in relation to the integers assigned other buckets), the sooner in the\nrebalance process the bucket is handled. This assignment of rank allows a\ncluster’s most mission-critical data to be rebalanced with top priority.\nThis option is only supported for Couchbase Server 7.6.0+." + maximum: 1000.0 + minimum: 0.0 + type: "integer" replicas: default: 1 - description: "Replicas defines how many copies of documents Couchbase server maintains. This directly affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster can tolerate one data pod going down and still service requests without data loss. The number of replicas also affect memory use. With a single replica, the effective memory quota for documents is halved, with two replicas it is one third. The number of replicas must be between 0 and 3, defaulting to 1." + description: "Replicas defines how many copies of documents Couchbase server maintains. This directly\naffects how fault tolerant a Couchbase cluster is. With a single replica, the cluster\ncan tolerate one data pod going down and still service requests without data loss. The\nnumber of replicas also affect memory use. With a single replica, the effective memory\nquota for documents is halved, with two replicas it is one third. The number of replicas\nmust be between 0 and 3, defaulting to 1." maximum: 3.0 minimum: 0.0 type: "integer" scopes: - description: "Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket." + description: "Scopes defines whether the Operator manages scopes for the bucket or not, and\nthe set of scopes defined for the bucket." properties: managed: - description: "Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present." + description: "Managed defines whether scopes are managed for this bucket.\nThis field is `false` by default, and the Operator will take no actions that\nwill affect scopes and collections in this bucket. The default scope and\ncollection will be present. When set to `true`, the Operator will manage\nuser defined scopes, and optionally, their collections as defined by the\n`CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and\n`CouchbaseCollectionGroup` resource documentation. If this field is set to\n`false` while the already managed, then the Operator will leave whatever\nconfiguration is already present." type: "boolean" resources: - description: "Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency." + description: "Resources is an explicit list of named resources that will be considered\nfor inclusion in this bucket. If a resource reference doesn't\nmatch a resource, then no error conditions are raised due to undefined\nresource creation ordering and eventual consistency." items: properties: kind: default: "CouchbaseScope" - description: "Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseScope` and `CouchbaseScopeGroup` resource kinds. This field defaults to `CouchbaseScope` if not specified." + description: "Kind indicates the kind of resource that is being referenced. A scope\ncan only reference `CouchbaseScope` and `CouchbaseScopeGroup`\nresource kinds. This field defaults to `CouchbaseScope` if not\nspecified." enum: - "CouchbaseScope" - "CouchbaseScopeGroup" type: "string" name: - description: "Name is the name of the Kubernetes resource name that is being referenced. Legal scope names have a maximum length of 251 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." + description: "Name is the name of the Kubernetes resource name that is being referenced.\nLegal scope names have a maximum length of 251\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" @@ -144,21 +150,21 @@ spec: type: "object" type: "array" selector: - description: "Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta" + description: "Selector allows resources to be implicitly considered for inclusion in this\nbucket. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -170,12 +176,13 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" storageBackend: - description: "StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - \"couchstore\" or \"magma\", defaulting to \"couchstore\". This cannot be edited after bucket creation. Note: \"magma\" is only valid for Couchbase Server 7.1.0 onward." + description: "StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward.\nTwo different backend storage mechanisms can be used - \"couchstore\" or \"magma\", defaulting to \"couchstore\".\nNote: \"magma\" is only valid for Couchbase Server 7.1.0 onward." enum: - "couchstore" - "magma" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseclusters.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseclusters.yaml index a3f914696..7be22e4c8 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseclusters.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseclusters.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbaseclusters.couchbase.com" spec: group: "couchbase.com" @@ -35,31 +35,31 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "The CouchbaseCluster resource represents a Couchbase cluster. It allows configuration of cluster topology, networking, storage and security options." + description: "The CouchbaseCluster resource represents a Couchbase cluster. It allows configuration\nof cluster topology, networking, storage and security options." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "ClusterSpec is the specification for a CouchbaseCluster resources, and allows the cluster to be customized." + description: "ClusterSpec is the specification for a CouchbaseCluster resources, and allows\nthe cluster to be customized." properties: antiAffinity: - description: "AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters." + description: "AntiAffinity forces the Operator to schedule different Couchbase server pods on\ndifferent Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable\nfailure in the event of a node issue. Use of anti-affinity is highly recommended for\nproduction clusters." type: "boolean" autoResourceAllocation: - description: "AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in `spec.cluster`, plus an overhead defined by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the `spec.servers.resources` field." + description: "AutoResourceAllocation populates pod resource requests based on the services running\non that pod. When enabled, this feature will calculate the memory request as the\ntotal of service allocations defined in `spec.cluster`, plus an overhead defined\nby `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for\na service will cause a cluster upgrade as allocations are modified in the underlying\npods. This field also allows default pod CPU requests and limits to be applied.\nAll resource allocations can be overridden by explicitly configuring them in the\n`spec.servers.resources` field." properties: cpuLimits: anyOf: - type: "integer" - type: "string" default: "4" - description: "CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to \"4\" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "CPULimits automatically populates the CPU limits across all Couchbase\nserver pods. This field defaults to \"4\" CPUs. Explicitly specifying the CPU\nlimit for a particular server class will override this value. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -68,7 +68,7 @@ spec: - type: "integer" - type: "string" default: "2" - description: "CPURequests automatically populates the CPU requests across all Couchbase server pods. The default value of \"2\", is the minimum recommended number of CPUs required to run Couchbase Server. Explicitly specifying the CPU request for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "CPURequests automatically populates the CPU requests across all Couchbase\nserver pods. The default value of \"2\", is the minimum recommended number of\nCPUs required to run Couchbase Server. Explicitly specifying the CPU request\nfor a particular server class will override this value. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -77,15 +77,15 @@ spec: type: "boolean" overheadPercent: default: 25 - description: "OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%." + description: "OverheadPercent defines the amount of memory above that required for individual\nservices on a pod. For Couchbase Server this should be approximately 25%." minimum: 0.0 type: "integer" type: "object" autoscaleStabilizationPeriod: - description: "AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. \n Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration A value of 0, puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance." + description: "AutoscaleStabilizationPeriod defines how long after a rebalance the\ncorresponding HorizontalPodAutoscaler should remain in maintenance mode.\nDuring maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler\nassociated with the cluster becomes inactive.\nSince certain metrics can be unpredictable when Couchbase is rebalancing or upgrading,\nsetting a stabilization period helps to prevent scaling recommendations from the\nHorizontalPodAutoscaler for a provided period of time.\n\n\nValues must be a valid Kubernetes duration of 0s or higher:\nhttps://golang.org/pkg/time/#ParseDuration\nA value of 0, puts the cluster in maintenance mode during rebalance but\nimmediately exits this mode once the rebalance has completed.\nWhen undefined, the HPA is never put into maintenance mode during rebalance." type: "string" backup: - description: "Backup defines whether the Operator should manage automated backups, and how to lookup backup resources." + description: "Backup defines whether the Operator should manage automated backups, and how\nto lookup backup resources." properties: annotations: additionalProperties: @@ -97,14 +97,15 @@ spec: description: "The Backup Image to run on backup pods." type: "string" imagePullSecrets: - description: "ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones." + description: "ImagePullSecrets allow you to use an image from private\nrepositories and non-dockerhub ones." items: - description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" + x-kubernetes-map-type: "atomic" type: "array" labels: additionalProperties: @@ -117,24 +118,39 @@ spec: nodeSelector: additionalProperties: type: "string" - description: "NodeSelector defines which nodes to constrain the pods that run any backup and restore operations to." + description: "NodeSelector defines which nodes to constrain the pods that\nrun any backup and restore operations to." type: "object" objectEndpoint: - description: "Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store." + description: "Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint\nObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store." properties: secret: - description: "The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name \"tls.crt\"" + description: "The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint\nThe secret must have the key with the name \"tls.crt\"" type: "string" url: description: "The host/address of the custom object endpoint." type: "string" useVirtualPath: - description: "UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores." + description: "UseVirtualPath will force the AWS SDK to use the new virtual style paths\nwhich are often required by S3 compatible object stores." type: "boolean" type: "object" resources: - description: "Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified." + description: "Resources is the resource requirements for the backup and restore\ncontainers. Will be populated by defaults if not specified." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -142,7 +158,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -151,28 +167,28 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" s3Secret: - description: "Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the `spec.s3bucket` field is specified for a backup or restore resource." + description: "Deprecated: by CouchbaseBackup.spec.objectStore.secret\nS3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3.\nThis field must be popluated when the `spec.s3bucket` field is specified\nfor a backup or restore resource." type: "string" selector: - description: "Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels." + description: "Selector allows CouchbaseBackup and CouchbaseBackupRestore\nresources to be filtered based on labels." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -184,64 +200,65 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" serviceAccountName: default: "couchbase-backup" - description: "The Service Account to run backup (and restore) pods under. Without this backup pods will not be able to update status." + description: "The Service Account to run backup (and restore) pods under.\nWithout this backup pods will not be able to update status." type: "string" tolerations: description: "Tolerations specifies all backup and restore pod tolerations." items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" useIAMRole: - description: "Deprecated: by CouchbaseBackup.spec.objectStore.useIAM UseIAMRole enables backup to fetch EC2 instance metadata. This allows the AWS SDK to use the EC2's IAM Role for S3 access. UseIAMRole will ignore credentials in s3Secret." + description: "Deprecated: by CouchbaseBackup.spec.objectStore.useIAM\nUseIAMRole enables backup to fetch EC2 instance metadata.\nThis allows the AWS SDK to use the EC2's IAM Role for S3 access.\nUseIAMRole will ignore credentials in s3Secret." type: "boolean" required: - "image" type: "object" buckets: - description: "Buckets defines whether the Operator should manage buckets, and how to lookup bucket resources." + description: "Buckets defines whether the Operator should manage buckets, and how to lookup\nbucket resources." properties: managed: - description: "Managed defines whether buckets are managed by the Operator (true), or user managed (false). When Operator managed, all buckets must be defined with either CouchbaseBucket, CouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition of buckets will be reverted by the Operator. When user managed, the Operator will not interrogate buckets at all. This field defaults to false." + description: "Managed defines whether buckets are managed by the Operator (true), or user managed (false).\nWhen Operator managed, all buckets must be defined with either CouchbaseBucket,\nCouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition\nof buckets will be reverted by the Operator. When user managed, the Operator\nwill not interrogate buckets at all. This field defaults to false." type: "boolean" selector: - description: "Selector is a label selector used to list buckets in the namespace that are managed by the Operator." + description: "Selector is a label selector used to list buckets in the namespace\nthat are managed by the Operator." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -253,29 +270,30 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" synchronize: - description: "Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with `spec.buckets.managed` being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the `spec.buckets.selector` field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` status condition. You may then safely set `spec.buckets.managed` to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the `cao save` and `cao restore` CLI commands." + description: "Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as\nKubernetes resources by the Operator. This feature is intended for development only\nand should not be used for production workloads. The synchronization workflow starts\nwith `spec.buckets.managed` being set to false, the user can manually create buckets,\nscopes, and collections using the Couchbase UI, or other tooling. When you wish to\ncommit to Kubernetes resources, you must specify a unique label selector in the\n`spec.buckets.selector` field, and this field is set to true. The Operator will\ncreate Kubernetes resources for you, and upon completion set the cluster's `Synchronized`\nstatus condition. Synchronizing will not create a Kubernetes resource for the Couchbase\nServer maintained _system scope. You may then safely set `spec.buckets.managed` to\ntrue and the Operator will manage these resources as per usual. To update an already\nmanaged data topology, you must first set it to unmanaged, make any changes, and delete\nany old resources, then follow the standard synchronization workflow. The Operator\ncan not, and will not, ever delete, or make modifications to resource specifications\nthat are intended to be user managed, or managed by a life cycle management tool. These\nactions must be instigated by an end user. For a more complete experience, refer to\nthe documentation for the `cao save` and `cao restore` CLI commands." type: "boolean" type: "object" cluster: default: {} - description: "ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings." + description: "ClusterSettings define Couchbase cluster-wide settings such as memory allocation,\nfailover characteristics and index settings." properties: analyticsServiceMemoryQuota: anyOf: - type: "integer" - type: "string" default: "1Gi" - description: "AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service.\nThis value is per-pod, and only applicable to pods belonging to server classes running\nthe analytics service. This field must be a quantity greater than or equal to 1Gi. This\nfield defaults to 1Gi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true autoCompaction: default: {} - description: "AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run." + description: "AutoCompaction allows the configuration of auto-compaction, including on what\nconditions disk space is reclaimed and when it is allowed to run." properties: databaseFragmentationThreshold: default: {} @@ -283,7 +301,7 @@ spec: properties: percent: default: 30 - description: "Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30." + description: "Percent is the percentage of disk fragmentation after which to decompaction will be\ntriggered. This field must be in the range 2-100, defaulting to 30." maximum: 100.0 minimum: 2.0 type: "integer" @@ -291,20 +309,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "Size is the amount of disk framentation, that once exceeded, will trigger decompaction.\nMore info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true type: "object" parallelCompaction: - description: "ParallelCompaction controls whether database and view compactions can happen in parallel." + description: "ParallelCompaction controls whether database and view compactions can happen\nin parallel." type: "boolean" timeWindow: description: "TimeWindow allows restriction of when compaction can occur." properties: abortCompactionOutsideWindow: default: false - description: "AbortCompactionOutsideWindow stops compaction processes when the process moves outside the window." + description: "AbortCompactionOutsideWindow stops compaction processes when the\nprocess moves outside the window." type: "boolean" end: description: "End is a wallclock time, in the form HH:MM, when a compaction should stop." @@ -317,7 +335,7 @@ spec: type: "object" tombstonePurgeInterval: default: "72h" - description: "TombstonePurgeInterval controls how long to wait before purging tombstones. This field must be in the range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration" + description: "TombstonePurgeInterval controls how long to wait before purging tombstones.\nThis field must be in the range 1h-1440h, defaulting to 72h.\nMore info: https://golang.org/pkg/time/#ParseDuration" type: "string" viewFragmentationThreshold: default: {} @@ -325,7 +343,7 @@ spec: properties: percent: default: 30 - description: "Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30." + description: "Percent is the percentage of disk fragmentation after which to decompaction will be\ntriggered. This field must be in the range 2-100, defaulting to 30." maximum: 100.0 minimum: 2.0 type: "integer" @@ -333,7 +351,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "Size is the amount of disk framentation, that once exceeded, will trigger decompaction.\nMore info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -341,47 +359,51 @@ spec: type: "object" autoFailoverMaxCount: default: 1 - description: "AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server will allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0 default is 1." + description: "AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server\nwill allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0\ndefault is 1." format: "int64" minimum: 1.0 type: "integer" autoFailoverOnDataDiskIssues: - description: "AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod if a disk issue was detected." + description: "AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod\nif a disk issue was detected." type: "boolean" autoFailoverOnDataDiskIssuesTimePeriod: default: "120s" - description: "AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors before failing over a faulty disk. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration" + description: "AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors\nbefore failing over a faulty disk. This field must be in the range 5-3600s, defaulting\nto 120s. More info: https://golang.org/pkg/time/#ParseDuration" type: "string" autoFailoverServerGroup: - description: "AutoFailoverServerGroup whether to enable failing over a server group. This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API" + description: "AutoFailoverServerGroup whether to enable failing over a server group.\nThis field is ignored in server versions 7.1+ as it has been removed from the Couchbase API" type: "boolean" autoFailoverTimeout: default: "120s" - description: "AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration" + description: "AutoFailoverTimeout defines how long Couchbase server will wait between a pod\nbeing witnessed as down, until when it will failover the pod. Couchbase server\nwill only failover pods if it deems it safe to do so, and not result in data\nloss. This field must be in the range 5-3600s, defaulting to 120s.\nMore info: https://golang.org/pkg/time/#ParseDuration" type: "string" clusterName: - description: "ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource's metadata." + description: "ClusterName defines the name of the cluster, as displayed in the Couchbase UI.\nBy default, the cluster name is that specified in the CouchbaseCluster resource's\nmetadata." type: "string" data: description: "Data allows the data service to be configured." properties: auxIOThreads: - description: "AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server." + description: "AuxIOThreads allows the number of threads used by the data service,\nper pod, to be altered. This indicates the number of threads that are\nto be used in the AuxIO thread pool to run auxiliary I/O tasks.\nThis value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+.\nand should only be increased where there are sufficient CPU resources\nallocated for their use. If not specified, this defaults to the\ndefault value set by Couchbase Server." maximum: 64.0 minimum: 1.0 type: "integer" + minReplicasCount: + default: 0 + description: "MinReplicasCount allows the minimum number of replicas required for\nbuckets to be set. New buckets cannot be created with less than this minimum.\nDefaults to 0." + type: "integer" nonIOThreads: - description: "NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server." + description: "NonIOThreads allows the number of threads used by the data service,\nper pod, to be altered. This indicates the number of threads that are\nto be used in the NonIO thread pool to run in memory tasks.\nThis value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+.\nand should only be increased where there are sufficient CPU resources\nallocated for their use. If not specified, this defaults to the\ndefault value set by Couchbase Server." maximum: 64.0 minimum: 1.0 type: "integer" readerThreads: - description: "ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server." + description: "ReaderThreads allows the number of threads used by the data service,\nper pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0 and,\nor 1 and 64 for CB versions 7.1.0+.\nand should only be increased where there are sufficient CPU resources\nallocated for their use. If not specified, this defaults to the\ndefault value set by Couchbase Server." maximum: 64.0 minimum: 1.0 type: "integer" writerThreads: - description: "WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using \"durable writes\", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server." + description: "WriterThreads allows the number of threads used by the data service,\nper pod, to be altered. This setting is especially relevant when\nusing \"durable writes\", increasing this field will have a large\nimpact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0 and,\n\t// or 1 and 64 for CB versions 7.1.0+.\nand should only be increased where there are sufficient CPU resources\nallocated for their use. If not specified, this defaults to the\ndefault value set by Couchbase Server." maximum: 64.0 minimum: 1.0 type: "integer" @@ -391,7 +413,7 @@ spec: - type: "integer" - type: "string" default: "256Mi" - description: "DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "DataServiceMemQuota is the amount of memory that should be allocated to the data service.\nThis value is per-pod, and only applicable to pods belonging to server classes running\nthe data service. This field must be a quantity greater than or equal to 256Mi. This\nfield defaults to 256Mi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -400,7 +422,7 @@ spec: - type: "integer" - type: "string" default: "256Mi" - description: "EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service.\nThis value is per-pod, and only applicable to pods belonging to server classes running\nthe eventing service. This field must be a quantity greater than or equal to 256Mi. This\nfield defaults to 256Mi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -409,13 +431,13 @@ spec: - type: "integer" - type: "string" default: "256Mi" - description: "IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "IndexServiceMemQuota is the amount of memory that should be allocated to the index service.\nThis value is per-pod, and only applicable to pods belonging to server classes running\nthe index service. This field must be a quantity greater than or equal to 256Mi. This\nfield defaults to 256Mi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true indexStorageSetting: default: "memory_optimized" - description: "DEPRECATED - by indexer. The index storage mode to use for secondary indexing. This field must be one of \"memory_optimized\" or \"plasma\", defaulting to \"memory_optimized\". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster." + description: "DEPRECATED - by indexer.\nThe index storage mode to use for secondary indexing. This field must be one of\n\"memory_optimized\" or \"plasma\", defaulting to \"memory_optimized\". This field is\nimmutable and cannot be changed unless there are no server classes running the\nindex service in the cluster." enum: - "memory_optimized" - "plasma" @@ -423,9 +445,13 @@ spec: indexer: description: "Indexer allows the indexer to be configured." properties: + enableShardAffinity: + default: false + description: "EnableShardAffinity when false Index Servers rebuild any index that\nare newly assigned to them during a rebalance. When set to true,\nCouchbase Server moves a reassigned index’s files between Index Servers.\nThis field is only supported on CB versions 7.6.0+." + type: "boolean" logLevel: default: "info" - description: "LogLevel controls the verbosity of indexer logs. This field must be one of \"silent\", \"fatal\", \"error\", \"warn\", \"info\", \"verbose\", \"timing\", \"debug\" or \"trace\", defaulting to \"info\"." + description: "LogLevel controls the verbosity of indexer logs. This field must be one of\n\"silent\", \"fatal\", \"error\", \"warn\", \"info\", \"verbose\", \"timing\", \"debug\" or\n\"trace\", defaulting to \"info\"." enum: - "silent" - "fatal" @@ -439,35 +465,35 @@ spec: type: "string" maxRollbackPoints: default: 2 - description: "MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1." + description: "MaxRollbackPoints controls the number of checkpoints that can be rolled\nback to. The default is 2, with a minimum of 1." minimum: 1.0 type: "integer" memorySnapshotInterval: default: "200ms" - description: "MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms." + description: "MemorySnapshotInterval controls when memory indexes should be snapshotted.\nThis defaults to 200ms, and must be greater than or equal to 1ms." type: "string" numReplica: default: 0 - description: "NumberOfReplica specifies number of secondary index replicas to be created by the Index Service whenever CREATE INDEX is invoked, which ensures high availability and high performance. Note, if nodes and num_replica are both specified in the WITH clause, the specified number of nodes must be one greater than num_replica This defaults to 0, which means no index replicas to be created by default. Minimum must be 0." + description: "NumberOfReplica specifies number of secondary index replicas to be created\nby the Index Service whenever CREATE INDEX is invoked, which ensures\nhigh availability and high performance.\nNote, if nodes and num_replica are both specified in the WITH clause,\nthe specified number of nodes must be one greater than num_replica\nThis defaults to 0, which means no index replicas to be created by default.\nMinimum must be 0." minimum: 0.0 type: "integer" redistributeIndexes: default: false - description: "RedistributeIndexes when true, Couchbase Server redistributes indexes when rebalance occurs, in order to optimize performance. If false (the default), such redistribution does not occur." + description: "RedistributeIndexes when true, Couchbase Server redistributes indexes\nwhen rebalance occurs, in order to optimize performance.\nIf false (the default), such redistribution does not occur." type: "boolean" stableSnapshotInterval: default: "5s" - description: "StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms." + description: "StableSnapshotInterval controls when disk indexes should be snapshotted.\nThis defaults to 5s, and must be greater than or equal to 1ms." type: "string" storageMode: default: "memory_optimized" - description: "StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of \"memory_optimized\" or \"plasma\", defaulting to \"memory_optimized\"." + description: "StorageMode controls the underlying storage engine for indexes. Once set\nit can only be modified if there are no nodes in the cluster running the\nindex service. The field must be one of \"memory_optimized\" or \"plasma\",\ndefaulting to \"memory_optimized\"." enum: - "memory_optimized" - "plasma" type: "string" threads: - description: "Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0." + description: "Threads controls the number of processor threads to use for indexing.\nA value of 0 means 1 per CPU. This attribute must be greater\nthan or equal to 0, defaulting to 0." minimum: 0.0 type: "integer" type: "object" @@ -478,24 +504,158 @@ spec: default: true description: "BackfillEnabled allows the query service to backfill." type: "boolean" + cboEnabled: + default: true + description: "CBOEnabled specifies whether the cost-based optimizer is enabled.\nDefaults to true." + type: "boolean" + cleanupClientAttemptsEnabled: + default: true + description: "CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just\ntransactions that it has created, leaving transactions for the distributed cleanup process only\nwhen it is forced to.\nDefaults to true." + type: "boolean" + cleanupLostAttemptsEnabled: + default: true + description: "CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup\nprocess, and cleans up expired transactions created by any client.\nDefaults to true." + type: "boolean" + cleanupWindow: + default: "60s" + description: "CleanupWindow specifies how frequently the Query service checks its subset of active\ntransaction records for cleanup.\nDefaults to 60s" + type: "string" + completedLimit: + default: 4000 + description: "CompletedLimit sets the number of requests to be logged in the completed\nrequests catalog. As new completed requests are added, old ones are removed." + format: "int32" + type: "integer" + completedMaxPlanSize: + anyOf: + - type: "integer" + - type: "string" + default: "262144" + description: "CompletedMaxPlanSize limits the size of query execution plans that can be logged in the\ncompleted requests catalog. Queries with plans larger than this are not logged.\nThis field is only supported on CB versions 7.6.0+.\nDefaults to 262144, maximum value is 20840448, and minimum value is 0." + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + type: "string" + x-kubernetes-int-or-string: true + completedTrackingAllRequests: + default: false + description: "CompletedTrackingAllRequests allows all requests to be tracked regardless of their\ntime. This field requires `completedTrackingEnabled` to be true." + type: "boolean" + completedTrackingEnabled: + default: true + description: "CompletedTrackingEnabled allows completed requests to be tracked in the requests\ncatalog." + type: "boolean" + completedTrackingThreshold: + default: "7s" + description: "CompletedThreshold is a trigger for queries to be logged in the completed\nrequests catalog. All completed queries lasting longer than this threshold\nare logged in the completed requests catalog. This field requires `completedTrackingEnabled`\nto be set to true and `completedTrackingAllRequests` to be false to have any effect." + type: "string" + logLevel: + default: "info" + description: "LogLevel controls the verbosity of query logs. This field must be one of\n\"debug\", \"trace\", \"info\", \"warn\", \"error\", \"severe\", or \"none\", defaulting to \"info\"." + enum: + - "debug" + - "trace" + - "info" + - "warn" + - "error" + - "severe" + - "none" + type: "string" + maxParallelism: + default: 1 + description: "MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster.\nIf the value is zero, negative, or larger than the number of allowed cored the maximum parallelism\nis restricted to the number of allowed cores.\nDefaults to 1." + format: "int32" + type: "integer" + memoryQuota: + anyOf: + - type: "integer" + - type: "string" + default: "0" + description: "MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster.\nThis parameter enforces a ceiling on the memory used for the tracked documents required for processing\na request. It does not take into account any other memory that might be used to process a request,\nsuch as the stack, the operators, or some intermediate values.\nDefaults to 0." + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + type: "string" + x-kubernetes-int-or-string: true + nodeQuotaValPercent: + default: 67 + description: "NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked\nvalue content memory across all active requests for every Query node in the cluster.\nThis field is only supported on CB versions 7.6.0+.\nDefaults to 67." + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" + numActiveTransactionRecords: + default: 1024 + description: "NumActiveTransactionRecords specifies the total number of active transaction records for\nall Query nodes in the cluster.\nDefault to 1024 and has a minimum of 1." + format: "int32" + minimum: 1.0 + type: "integer" + numCpus: + default: 0 + description: "NumCpus is the number of CPUs the Query service can use on any Query node in the cluster.\nWhen set to 0 (the default), the Query service can use all available CPUs, up to the limits described below.\nThe number of CPUs can never be greater than the number of logical CPUs.\nIn Community Edition, the number of allowed CPUs cannot be greater than 4.\nIn Enterprise Edition, there is no limit to the number of allowed CPUs.\nThis field is only supported on CB versions 7.6.0+.\nNOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling\nnodes that are running the query service.\nDefaults to 0" + format: "int32" + minimum: 0.0 + type: "integer" + pipelineBatch: + default: 16 + description: "PipelineBatch controls the number of items execution operators can batch for\nFetch from the KV. Defaults to 16." + format: "int32" + type: "integer" + pipelineCap: + default: 512 + description: "PipelineCap controls the maximum number of items each execution\noperator can buffer between various operators. Defaults to 512." + format: "int32" + type: "integer" + preparedLimit: + default: 16384 + description: "PreparedLimit is the maximum number of prepared statements in the cache.\nWhen this cache reaches the limit, the least recently used prepared\nstatements will be discarded as new prepared statements are created." + format: "int32" + type: "integer" + scanCap: + default: 512 + description: "ScapCan sets the maximum buffered channel size between the indexer client\nand the query service for index scans.\nDefaults to 512." + format: "int32" + type: "integer" temporarySpace: anyOf: - type: "integer" - type: "string" default: "5Gi" - description: "TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires `backfillEnabled` to be set to true in order to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "TemporarySpace allows the temporary storage used by the query\nservice backfill, per-pod, to be modified. This field requires\n`backfillEnabled` to be set to true in order to have any effect.\nMore info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true temporarySpaceUnlimited: - description: "TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires `backfillEnabled` to be set to true in order to have any effect. This field overrides `temporarySpace`." + description: "TemporarySpaceUnlimited allows the temporary storage used by\nthe query service backfill, per-pod, to be unconstrained. This field\nrequires `backfillEnabled` to be set to true in order to have any effect.\nThis field overrides `temporarySpace`." + type: "boolean" + timeout: + description: "Timeout is the maximum time to spend on the request before timing out.\nIf this field is not set then there will be no timeout." + type: "string" + txTimeout: + default: "0ms" + description: "TxTimeout is the maximum time to spend on a transaction before timing out. This setting\nonly applies to requests containing the BEGIN TRANSACTION statement, or to requests where\nthe tximplicit parameter is set. For all other requests, it is ignored.\nDefaults to 0ms (no timeout)." + type: "string" + useReplica: + description: "UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets\nare inaccessible. If set to true then read from replica is enabled for all queries, but can\nbe disabled at request level. If set to false read from replica is disabled for all queries\nand cannot be overridden at request level. If this field is unset then it is enabled/disabled\nat the request level.\nThis field is only supported on CB versions 7.6.0+." type: "boolean" + required: + - "cboEnabled" + - "cleanupClientAttemptsEnabled" + - "cleanupLostAttemptsEnabled" + - "cleanupWindow" + - "completedLimit" + - "completedMaxPlanSize" + - "completedTrackingAllRequests" + - "completedTrackingEnabled" + - "maxParallelism" + - "nodeQuotaValPercent" + - "numActiveTransactionRecords" + - "numCpus" + - "pipelineBatch" + - "pipelineCap" + - "preparedLimit" + - "scanCap" type: "object" queryServiceMemoryQuota: anyOf: - type: "integer" - type: "string" - description: "QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled,\nand is used to define the amount of memory reserved by the query service for use with\nKubernetes resource scheduling. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes\nIn CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster.\nThe garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory\nusage may exceed this value." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -504,30 +664,30 @@ spec: - type: "integer" - type: "string" default: "256Mi" - description: "SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "SearchServiceMemQuota is the amount of memory that should be allocated to the search service.\nThis value is per-pod, and only applicable to pods belonging to server classes running\nthe search service. This field must be a quantity greater than or equal to 256Mi. This\nfield defaults to 256Mi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true type: "object" enableOnlineVolumeExpansion: - description: "EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class's \"allowVolumeExpansion\" field is set to true. Additionally, Kubernetes feature \"ExpandInUsePersistentVolumes\" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim \n If \"EnableOnlineVolumeExpansion\" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims" + description: "EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes.\nYou can only expand a PVC if its storage class's \"allowVolumeExpansion\" field is set to true.\nAdditionally, Kubernetes feature \"ExpandInUsePersistentVolumes\" must be enabled in order to\nexpand the volumes which are actively bound to Pods.\nVolumes can only be expanded and not reduced to a smaller size.\nSee: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim\n\n\nIf \"EnableOnlineVolumeExpansion\" is enabled for use within an environment that does\nnot actually support online volume and file system expansion then the cluster will fallback to\nrolling upgrade procedure to create a new set of Pods for use with resized Volumes.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims" type: "boolean" enablePreviewScaling: - description: "DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services. EnablePreviewScaling enables autoscaling for stateful services and buckets." + description: "DEPRECATED - This option only exists for backwards compatibility and no longer\nrestricts autoscaling to ephemeral services.\nEnablePreviewScaling enables autoscaling for stateful services and buckets." type: "boolean" envImagePrecedence: - description: "EnvImagePrecedence gives precedence over the default container image name in `spec.Image` to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html" + description: "EnvImagePrecedence gives precedence over the default container image name in\n`spec.Image` to an image name provided through Operator environment variables.\nFor more info on using Operator environment variables:\nhttps://docs.couchbase.com/operator/current/reference-operator-configuration.html" type: "boolean" hibernate: description: "Hibernate is whether to hibernate the cluster." type: "boolean" hibernationStrategy: - description: "HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false." + description: "HibernationStrategy defines how to hibernate the cluster. When Immediate\nthe Operator will immediately delete all pods and take no further action until\nthe hibernate field is set to false." enum: - "Immediate" type: "string" image: - description: "Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster." + description: "Image is the container image name that will be used to launch Couchbase\nserver instances. Updating this field will cause an automatic upgrade of\nthe cluster. Explicitly specifying the image for a server class will override\nthis value for the server class." pattern: "^(.*?(:\\d+)?/)?.*?/.*?(:.*?\\d+\\.\\d+\\.\\d+.*|@sha256:[0-9a-f]{64})$" type: "string" logging: @@ -537,14 +697,14 @@ spec: description: "Used to manage the audit configuration directly" properties: disabledEvents: - description: "The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html" + description: "The list of event ids to disable for auditing purposes.\nThis is passed to the REST API with no verification by the operator.\nRefer to the documentation for details:\nhttps://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html" items: type: "integer" type: "array" disabledUsers: - description: "The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user" + description: "The list of users to ignore for auditing purposes.\nThis is passed to the REST API with minimal validation it meets an acceptable regex pattern.\nRefer to the documentation for full details on how to configure this:\nhttps://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user" items: - description: "The AuditDisabledUser is actually a compound string intended to feed a two-element struct. Its value may be: 1. A local user, specified in the form localusername/local. 2. An external user, specified in the form externalusername/external. 3. An internal user, specified in the form @internalusername/local. We add a quick validation check to make sure these match and prevent being rejected by the API later. This is just a sanity check, the REST API may still reject the user for other reasons." + description: "The AuditDisabledUser is actually a compound string intended to feed a two-element struct.\nIts value may be:\n1. A local user, specified in the form localusername/local.\n2. An external user, specified in the form externalusername/external.\n3. An internal user, specified in the form @internalusername/local.\nWe add a quick validation check to make sure these match and prevent being rejected by the API later.\nThis is just a sanity check, the REST API may still reject the user for other reasons." pattern: "^.+/(local|external)$" type: "string" type: "array" @@ -552,10 +712,10 @@ spec: description: "Enabled is a boolean that enables the audit capabilities." type: "boolean" garbageCollection: - description: "Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html" + description: "Handle all optional garbage collection (GC) configuration for the audit functionality.\nThis is not part of the audit REST API, it is intended to handle GC automatically for the audit logs.\nBy default the Couchbase Server rotates the audit logs but does not clean up the rotated logs.\nThis is left as an operation for the cluster administrator to manage, the operator allows for us to automate this:\nhttps://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html" properties: sidecar: - description: "Provide the sidecar configuration required (if so desired) to automatically clean up audit logs." + description: "DEPRECATED - by spec.logging.audit.nativePruning for Couchbase Server 7.2.4+\nProvide the sidecar configuration required (if so desired) to automatically clean up audit logs." properties: age: default: "1h" @@ -566,15 +726,30 @@ spec: type: "boolean" image: default: "busybox:1.33.1" - description: "Image is the image to be used to run the audit sidecar helper. No validation is carried out as this can be any arbitrary repo and tag." + description: "Image is the image to be used to run the audit sidecar helper.\nNo validation is carried out as this can be any arbitrary repo and tag." type: "string" interval: default: "20m" description: "The interval at which to check for rotated log files to remove, defaults to 20 minutes." type: "string" resources: - description: "Resources is the resource requirements for the cleanup container. Will be populated by Kubernetes defaults if not specified." + description: "Resources is the resource requirements for the cleanup container.\nWill be populated by Kubernetes defaults if not specified." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -582,7 +757,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -591,24 +766,28 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" type: "object" rotation: - description: "The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html" + description: "The interval to optionally rotate the audit log.\nThis is passed to the REST API, see here for details:\nhttps://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html" properties: interval: default: "15m" description: "The interval at which to rotate log files, defaults to 15 minutes." type: "string" + pruneAge: + default: "0" + description: "How long Couchbase Server keeps rotated audit logs.\nIf set to 0 (the default) then audit logs won't be pruned.\nHas a maximum of 35791394 seconds." + type: "string" size: anyOf: - type: "integer" - type: "string" default: "20Mi" - description: "Size allows the specification of a rotation size for the log, defaults to 20Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "Size allows the specification of a rotation size for the log, defaults to 20Mi.\nMore info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -627,14 +806,14 @@ spec: properties: configurationName: default: "fluent-bit-config" - description: "ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway." + description: "ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace.\nA Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too.\nIf it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running.\nNote that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each,\notherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is\nremoved. If running clusters in separate namespaces then they will be separate Secrets anyway." type: "string" enabled: description: "Enabled is a boolean that enables the logging sidecar container." type: "boolean" manageConfiguration: default: true - description: "A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it's ownership stays the same so it will be cleaned up when it's owner is." + description: "A boolean which indicates whether the operator should manage the configuration or not.\nIf omitted then this defaults to true which means the operator will attempt to reconcile it to default values.\nTo use a custom configuration make sure to set this to false.\nNote that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by\nthe operator but it's ownership stays the same so it will be cleaned up when it's owner is." type: "boolean" sidecar: default: {} @@ -642,15 +821,30 @@ spec: properties: configurationMountPath: default: "/fluent-bit/config/" - description: "ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. If another log shipping image is used that needs a different mount then modify this. Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, there is no provision for overriding the name of the config file passed as the COUCHBASE_LOGS_CONFIG_FILE environment variable." + description: "ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image.\nIf another log shipping image is used that needs a different mount then modify this.\nNote that the configuration file must be called 'fluent-bit.conf' at the root of this path,\nthere is no provision for overriding the name of the config file passed as the\nCOUCHBASE_LOGS_CONFIG_FILE environment variable." type: "string" image: default: "couchbase/fluent-bit:1.2.1" - description: "Image is the image to be used to deal with logging as a sidecar. No validation is carried out as this can be any arbitrary repo and tag. It will default to the latest supported version of Fluent Bit." + description: "Image is the image to be used to deal with logging as a sidecar.\nNo validation is carried out as this can be any arbitrary repo and tag.\nIt will default to the latest supported version of Fluent Bit." type: "string" resources: - description: "Resources is the resource requirements for the sidecar container. Will be populated by Kubernetes defaults if not specified." + description: "Resources is the resource requirements for the sidecar container.\nWill be populated by Kubernetes defaults if not specified." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -658,7 +852,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -667,37 +861,52 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" type: "object" type: "object" monitoring: - description: "Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure." + description: "DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+\nMonitoring defines any Operator managed integration into 3rd party monitoring\ninfrastructure." properties: prometheus: - description: "Prometheus provides integration with Prometheus monitoring." + description: "DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+\nPrometheus provides integration with Prometheus monitoring." properties: authorizationSecret: - description: "AuthorizationSecret is the name of a Kubernetes secret that contains a bearer token to authorize GET requests to the metrics endpoint" + description: "AuthorizationSecret is the name of a Kubernetes secret that contains a\nbearer token to authorize GET requests to the metrics endpoint" type: "string" enabled: - description: "Enabled is a boolean that enables/disables the metrics sidecar container. This must be set to true, when image is provided." + description: "Enabled is a boolean that enables/disables the metrics sidecar container.\nThis must be set to true, when image is provided." type: "boolean" image: - description: "Image is the metrics image to be used to collect metrics. No validation is carried out as this can be any arbitrary repo and tag. enabled must be set to true, when image is provided." + description: "Image is the metrics image to be used to collect metrics.\nNo validation is carried out as this can be any arbitrary repo and tag.\nenabled must be set to true, when image is provided." type: "string" refreshRate: default: 60 - description: "RefreshRate is the frequency in which cached statistics are updated in seconds. Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+ Default is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second." + description: "RefreshRate is the frequency in which cached statistics are updated in seconds.\nShorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+\nDefault is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second." format: "int64" maximum: 600.0 minimum: 1.0 type: "integer" resources: - description: "Resources is the resource requirements for the metrics container. Will be populated by Kubernetes defaults if not specified." + description: "Resources is the resource requirements for the metrics container.\nWill be populated by Kubernetes defaults if not specified." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -705,7 +914,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -714,7 +923,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" required: @@ -722,87 +931,87 @@ spec: type: "object" type: "object" networking: - description: "Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings." + description: "Networking defines Couchbase cluster networking options such as network\ntopology, TLS and DDNS settings." properties: addressFamily: - description: "AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+." + description: "AddressFamily allows the manual selection of the address family to use.\nWhen this field is not set, Couchbase server will default to using IPv4\nfor internal communication and also support IPv6 on dual stack systems.\nSetting this field to either IPv4 or IPv6 will force Couchbase to use the\nselected protocol for internal communication, and also disable all other\nprotocols to provide added security and simplicty when defining firewall\nrules. Disabling of address families is only supported in Couchbase\nServer 7.0.2+." enum: - "IPv4" - "IPv6" type: "string" adminConsoleServiceTemplate: - description: "AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core" + description: "AdminConsoleServiceTemplate provides a template used by the Operator to create\nand manage the admin console service. This allows services to be annotated, the\nservice type defined and any other options that Kubernetes provides. When using\na LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator\nreserves the right to modify or replace any field. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core" properties: metadata: - description: "Standard objects metadata. This is a curated version for use with Couchbase resource templates." + description: "Standard objects metadata. This is a curated version for use with Couchbase\nresource templates." properties: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + description: "Annotations is an unstructured key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. They\nare not queryable and should be preserved when modifying objects. More\ninfo: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: type: "string" - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + description: "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services. More info: http://kubernetes.io/docs/user-guide/labels" type: "object" type: "object" spec: description: "ServiceSpec describes the attributes that a user creates on a service." properties: allocateLoadBalancerNodePorts: - description: "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type." + description: "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type." type: "boolean" clusterIP: - description: "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" externalIPs: - description: "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system." + description: "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system." items: type: "string" type: "array" externalName: - description: "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\"." + description: "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\"." type: "string" externalTrafficPolicy: - description: "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node." + description: "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node." type: "string" healthCheckNodePort: - description: "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set." + description: "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set." format: "int32" type: "integer" internalTrafficPolicy: - description: "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features)." + description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: - description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." + description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" type: "array" x-kubernetes-list-type: "atomic" ipFamilyPolicy: - description: "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName." + description: "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName." type: "string" loadBalancerClass: - description: "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type." + description: "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type." type: "string" loadBalancerIP: - description: "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version." + description: "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available." type: "string" loadBalancerSourceRanges: - description: "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/" + description: "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/" items: type: "string" type: "array" sessionAffinity: - description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" sessionAffinityConfig: description: "sessionAffinityConfig contains the configurations of session affinity." @@ -811,25 +1020,25 @@ spec: description: "clientIP contains the configurations of Client IP based session affinity." properties: timeoutSeconds: - description: "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours)." + description: "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours)." format: "int32" type: "integer" type: "object" type: "object" type: - description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" + description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" type: "string" type: "object" type: "object" adminConsoleServiceType: default: "NodePort" - description: "DEPRECATED - by adminConsoleServiceTemplate. AdminConsoleServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of \"NodePort\" or \"LoadBalancer\", defaulting to \"NodePort\"." + description: "DEPRECATED - by adminConsoleServiceTemplate.\nAdminConsoleServiceType defines whether to create a node port or load balancer service.\nWhen using a LoadBalancer service type, TLS and dynamic DNS must also be enabled.\nThis field must be one of \"NodePort\" or \"LoadBalancer\", defaulting to \"NodePort\"." enum: - "NodePort" - "LoadBalancer" type: "string" adminConsoleServices: - description: "DEPRECATED - not required by Couchbase Server. AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of \"data\", \"index\", \"query\", \"search\", \"eventing\" and \"analytics\". Each service may only be included once." + description: "DEPRECATED - not required by Couchbase Server.\nAdminConsoleServices is a selector to choose specific services to expose via the admin\nconsole. This field may contain any of \"data\", \"index\", \"query\", \"search\", \"eventing\"\nand \"analytics\". Each service may only be included once." items: description: "Supported services" enum: @@ -844,110 +1053,128 @@ spec: type: "array" x-kubernetes-list-type: "set" cloudNativeGateway: - description: "DEVELOPER PREVIEW - This feature is in developer preview. CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster." + description: "CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase\ncluster." properties: image: - description: "DEVELOPER PREVIEW - This feature is in developer preview. Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. TODO: provide a default kubebuilder default image tag as field is mandatory." + description: "Image is the Cloud Native Gateway image to be used to run the sidecar container.\nNo validation is carried out as this can be any arbitrary repo and tag.\nTODO: provide a default kubebuilder default image tag as field is mandatory." + type: "string" + logLevel: + default: "info" + description: "DEVELOPER PREVIEW - This feature is in developer preview.\nLogLevel controls the verbosity of cloud native logs. This field must be one of\n\"fatal\", \"panic\", \"dpanic\", \"error\", \"warn\", \"info\", \"debug\" defaulting to \"info\"." + enum: + - "fatal" + - "panic" + - "dpanic" + - "error" + - "warn" + - "info" + - "debug" type: "string" + terminationGracePeriodSeconds: + default: 75 + description: "TerminationGracePeriodSeconds specifies the grace period for the container to\nterminate. Defaults to 75 seconds." + format: "int64" + type: "integer" tls: - description: "DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies." + description: "TLS defines the TLS configuration for the Cloud Native Gateway server including\nserver and client certificate configuration, and TLS security policies.\nIf no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys\nand creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-`\nunique to a Couchbase cluster, which is volume mounted to the cb k8s pod.\nThis action could be overidden at the outset or later, by using the below\nTLS config or generating the secret of same name as\n`couchbase-cloud-native-gateway-self-signed-secret-` with certificates\nconforming to the keys of well-known type \"kubernetes.io/tls\" with \"tls.crt\" and \"tls.key\".\nN.B. The secret is on per cluster basis so it's advised to use the unique cluster name else\nwould be ignored." properties: serverSecretName: - description: "DEVELOPER PREVIEW - This feature is in developer preview. ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains Cloud Native Gateway gRPC server TLS data. The secret is expected to contain \"tls.crt\" and \"tls.key\" as per the kubernetes.io/tls secret type." + description: "ServerSecretName specifies the secret name, in the same namespace as the cluster,\nthat contains Cloud Native Gateway gRPC server TLS data.\nThe secret is expected to contain \"tls.crt\" and\n\"tls.key\" as per the kubernetes.io/tls secret type." type: "string" type: "object" required: - "image" + - "logLevel" type: "object" disableUIOverHTTP: - description: "DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false." + description: "DisableUIOverHTTP is used to explicitly enable and disable UI access over\nthe HTTP protocol. If not specified, this field defaults to false." type: "boolean" disableUIOverHTTPS: - description: "DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false." + description: "DisableUIOverHTTPS is used to explicitly enable and disable UI access over\nthe HTTPS protocol. If not specified, this field defaults to false." type: "boolean" dns: description: "DNS defines information required for Dynamic DNS support." properties: domain: - description: "Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key \"external-dns.alpha.kubernetes.io/hostname\". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server." + description: "Domain is the domain to create pods in. When populated the Operator\nwill annotate the admin console and per-pod services with the key\n\"external-dns.alpha.kubernetes.io/hostname\". These annotations can\nbe used directly by a Kubernetes External-DNS controller to replicate\nload balancer service IP addresses into a public DNS server." type: "string" type: "object" exposeAdminConsole: - description: "ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field." + description: "ExposeAdminConsole creates a service referencing the admin console.\nThe service is configured by the adminConsoleServiceTemplate field." type: "boolean" exposedFeatureServiceTemplate: - description: "ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core" + description: "ExposedFeatureServiceTemplate provides a template used by the Operator to create\nand manage per-pod services. This allows services to be annotated, the\nservice type defined and any other options that Kubernetes provides. When using\na LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator\nreserves the right to modify or replace any field. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core" properties: metadata: - description: "Standard objects metadata. This is a curated version for use with Couchbase resource templates." + description: "Standard objects metadata. This is a curated version for use with Couchbase\nresource templates." properties: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + description: "Annotations is an unstructured key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. They\nare not queryable and should be preserved when modifying objects. More\ninfo: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: type: "string" - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + description: "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services. More info: http://kubernetes.io/docs/user-guide/labels" type: "object" type: "object" spec: description: "ServiceSpec describes the attributes that a user creates on a service." properties: allocateLoadBalancerNodePorts: - description: "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type." + description: "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type." type: "boolean" clusterIP: - description: "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" externalIPs: - description: "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system." + description: "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system." items: type: "string" type: "array" externalName: - description: "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\"." + description: "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\"." type: "string" externalTrafficPolicy: - description: "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node." + description: "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node." type: "string" healthCheckNodePort: - description: "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set." + description: "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set." format: "int32" type: "integer" internalTrafficPolicy: - description: "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features)." + description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: - description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." + description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" type: "array" x-kubernetes-list-type: "atomic" ipFamilyPolicy: - description: "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName." + description: "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName." type: "string" loadBalancerClass: - description: "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type." + description: "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type." type: "string" loadBalancerIP: - description: "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version." + description: "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available." type: "string" loadBalancerSourceRanges: - description: "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/" + description: "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/" items: type: "string" type: "array" sessionAffinity: - description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" sessionAffinityConfig: description: "sessionAffinityConfig contains the configurations of session affinity." @@ -956,105 +1183,106 @@ spec: description: "clientIP contains the configurations of Client IP based session affinity." properties: timeoutSeconds: - description: "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours)." + description: "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours)." format: "int32" type: "integer" type: "object" type: "object" type: - description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" + description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" type: "string" type: "object" type: "object" exposedFeatureServiceType: default: "NodePort" - description: "DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of \"NodePort\" or \"LoadBalancer\", defaulting to \"NodePort\"." + description: "DEPRECATED - by exposedFeatureServiceTemplate.\nExposedFeatureServiceType defines whether to create a node port or load balancer service.\nWhen using a LoadBalancer service type, TLS and dynamic DNS must also be enabled.\nThis field must be one of \"NodePort\" or \"LoadBalancer\", defaulting to \"NodePort\"." enum: - "NodePort" - "LoadBalancer" type: "string" exposedFeatureTrafficPolicy: - description: "DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either \"Cluster\" or \"Local\", defaulting to \"Local\"," + description: "DEPRECATED - by exposedFeatureServiceTemplate.\nExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer\nservice to a Couchbase pod. When local, traffic is routed directly to the pod. When\ncluster, traffic is routed to any node, then forwarded on. While cluster routing may be\nslower, there are some situations where it is required for connectivity. This field\nmust be either \"Cluster\" or \"Local\", defaulting to \"Local\"," enum: - "Cluster" - "Local" type: "string" exposedFeatures: - description: "ExposedFeatures is a list of Couchbase features to expose when using a networking model that exposes the Couchbase cluster externally to Kubernetes. This field also triggers the creation of per-pod services used by clients to connect to the Couchbase cluster. When admin, only the administrator port is exposed, allowing remote administration. When xdcr, only the services required for remote replication are exposed. The xdcr feature is only required when the cluster is the destination of an XDCR replication. When client, all services are exposed as required for client SDK operation. This field may contain any of \"admin\", \"xdcr\" and \"client\". Each feature may only be included once." + description: "ExposedFeatures is a list of Couchbase features to expose when using a networking\nmodel that exposes the Couchbase cluster externally to Kubernetes. This field also\ntriggers the creation of per-pod services used by clients to connect to the Couchbase\ncluster. When admin, only the administrator port is exposed, allowing remote\nadministration. When xdcr, only the services required for remote replication are exposed.\nThe xdcr feature is only required when the cluster is the destination of an XDCR\nreplication. When client, all services are exposed as required for client SDK operation.\nThis field may contain any of \"admin\", \"xdcr\" and \"client\". Each feature may only be\nincluded once." items: enum: - "admin" - "xdcr" - "client" + - "backup" type: "string" type: "array" x-kubernetes-list-type: "set" loadBalancerSourceRanges: - description: "DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. LoadBalancerSourceRanges applies only when an exposed service is of type LoadBalancer and limits the source IP ranges that are allowed to use the service. Items must use IPv4 class-less interdomain routing (CIDR) notation e.g. 10.0.0.0/16." + description: "DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.\nLoadBalancerSourceRanges applies only when an exposed service is of type\nLoadBalancer and limits the source IP ranges that are allowed to use the\nservice. Items must use IPv4 class-less interdomain routing (CIDR) notation\ne.g. 10.0.0.0/16." items: pattern: "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/\\d{1,2}$" type: "string" type: "array" networkPlatform: - description: "NetworkPlatform is used to enable support for various networking technologies. This field must be one of \"Istio\"." + description: "NetworkPlatform is used to enable support for various networking\ntechnologies. This field must be one of \"Istio\"." enum: - "Istio" type: "string" serviceAnnotations: additionalProperties: type: "string" - description: "DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation." + description: "DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.\nServiceAnnotations allows services to be annotated with custom labels.\nOperator annotations are merged on top of these so have precedence as\nthey are required for correct operation." type: "object" tls: - description: "TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies." + description: "TLS defines the TLS configuration for the cluster including\nserver and client certificate configuration, and TLS security policies." properties: allowPlainTextCertReload: default: false - description: "AllowPlainTextCertReload allows the reload of TLS certificates in plain text. This option should only be enabled as a means to recover connectivity with server in the event that any of the server certificates expire. When enabled the Operator only attempts plain text cert reloading when expired certificates are detected." + description: "AllowPlainTextCertReload allows the reload of TLS certificates in plain text.\nThis option should only be enabled as a means to recover connectivity with\nserver in the event that any of the server certificates expire. When enabled\nthe Operator only attempts plain text cert reloading when expired certificates\nare detected." type: "boolean" cipherSuites: - description: "CipherSuites specifies a list of cipher suites for Couchbase server to select from when negotiating TLS handshakes with a client. Suites are not validated by the Operator. Run \"openssl ciphers -v\" in a Couchbase server pod to interrogate supported values." + description: "CipherSuites specifies a list of cipher suites for Couchbase server to select\nfrom when negotiating TLS handshakes with a client. Suites are not validated\nby the Operator. Run \"openssl ciphers -v\" in a Couchbase server pod to\ninterrogate supported values." items: type: "string" type: "array" x-kubernetes-list-type: "set" clientCertificatePaths: - description: "ClientCertificatePaths defines where to look in client certificates in order to extract the user name." + description: "ClientCertificatePaths defines where to look in client certificates in order\nto extract the user name." items: description: "ClientCertificatePath defines how to extract a username from a client ceritficate." properties: delimiter: - description: "Delimiter if specified allows a suffix to be stripped from the username, once extracted from the certificate path." + description: "Delimiter if specified allows a suffix to be stripped from the username, once\nextracted from the certificate path." type: "string" path: - description: "Path defines where in the X.509 specification to extract the username from. This field must be either \"subject.cn\", \"san.uri\", \"san.dnsname\" or \"san.email\"." + description: "Path defines where in the X.509 specification to extract the username from.\nThis field must be either \"subject.cn\", \"san.uri\", \"san.dnsname\" or \"san.email\"." pattern: "^subject\\.cn|san\\.uri|san\\.dnsname|san\\.email$" type: "string" prefix: - description: "Prefix allows a prefix to be stripped from the username, once extracted from the certificate path." + description: "Prefix allows a prefix to be stripped from the username, once extracted from the\ncertificate path." type: "string" required: - "path" type: "object" type: "array" clientCertificatePolicy: - description: "ClientCertificatePolicy defines the client authentication policy to use. If set, the Operator expects TLS configuration to contain a valid certificate/key pair for the Administrator account." + description: "ClientCertificatePolicy defines the client authentication policy to use.\nIf set, the Operator expects TLS configuration to contain a valid certificate/key pair\nfor the Administrator account." enum: - "enable" - "mandatory" type: "string" nodeToNodeEncryption: - description: "NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes within the same cluster. This may come at the expense of performance. When control plane only encryption is used, only cluster management traffic is encrypted between nodes. When all, all traffic is encrypted, including database documents. When strict mode is used, it is the same as all, but also disables all plaintext ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. Node to node encryption can only be used when TLS certificates are managed by the Operator. This field must be either \"ControlPlaneOnly\", \"All\", or \"Strict\"." + description: "NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes\nwithin the same cluster. This may come at the expense of performance. When\ncontrol plane only encryption is used, only cluster management traffic is encrypted\nbetween nodes. When all, all traffic is encrypted, including database documents.\nWhen strict mode is used, it is the same as all, but also disables all plaintext\nports. Strict mode is only available on Couchbase Server versions 7.1 and greater.\nNode to node encryption can only be used when TLS certificates are managed by the\nOperator. This field must be either \"ControlPlaneOnly\", \"All\", or \"Strict\"." enum: - "ControlPlaneOnly" - "All" - "Strict" type: "string" passphrase: - description: "PassphraseConfig configures the passphrase key to use with encrypted certificates. The passphrase may be registered with Couchbase Server using a local script or a rest endpoint. Private key encryption is only available on Couchbase Server versions 7.1 and greater." + description: "PassphraseConfig configures the passphrase key to use with encrypted certificates.\nThe passphrase may be registered with Couchbase Server using a local script or a\nrest endpoint. Private key encryption is only available on Couchbase Server\nversions 7.1 and greater." properties: rest: - description: "PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. When the private key is accessed, Couchbase Server attempts to extract the password by means of the specified endpoint. The response status must be 200 and the response text must be the exact passphrase excluding newlines and extraneous spaces." + description: "PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint.\nWhen the private key is accessed, Couchbase Server attempts to extract the password by means of the\nspecified endpoint. The response status must be 200 and the response text must be the exact passphrase\nexcluding newlines and extraneous spaces." properties: addressFamily: default: "inet" @@ -1074,7 +1302,7 @@ spec: format: "int64" type: "integer" url: - description: "URL is the endpoint to be called to retrieve the passphrase. URL will be called using the GET method and may use http/https protocol." + description: "URL is the endpoint to be called to retrieve the passphrase.\nURL will be called using the GET method and may use http/https protocol." type: "string" verifyPeer: default: true @@ -1084,45 +1312,45 @@ spec: - "url" type: "object" script: - description: "PassphraseScriptConfig is the configuration to register a private key passphrase with a script. The Operator auto-provisions the underlying script so this config simply provides a mechanism to perform the decryption of the Couchbase Private Key using a local script." + description: "PassphraseScriptConfig is the configuration to register a private key passphrase with a script.\nThe Operator auto-provisions the underlying script so this config simply provides a mechanism\nto perform the decryption of the Couchbase Private Key using a local script." properties: secret: - description: "Secret is the secret containing the passphrase string. The secret is expected to contain \"passphrase\" key with the passphrase string as a value." + description: "Secret is the secret containing the passphrase string. The secret is expected\nto contain \"passphrase\" key with the passphrase string as a value." type: "string" required: - "secret" type: "object" type: "object" rootCAs: - description: "RootCAs defines a set of secrets that reside in this namespace that contain additional CA certificates that should be installed in Couchbase. The CA certificates that are defined here are in addition to those defined for the cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and thus should not be duplicated. Each Secret referred to must be of well-known type \"kubernetes.io/tls\" and must contain one or more CA certificates under the key \"tls.crt\". Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, and not with legacy couchbaseclusters.spec.networking.tls.static configuration." + description: "RootCAs defines a set of secrets that reside in this namespace that contain\nadditional CA certificates that should be installed in Couchbase. The CA\ncertificates that are defined here are in addition to those defined for the\ncluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and\nthus should not be duplicated. Each Secret referred to must be of well-known type\n\"kubernetes.io/tls\" and must contain one or more CA certificates under the key \"tls.crt\".\nMultiple root CA certificates are only supported on Couchbase Server 7.1 and greater,\nand not with legacy couchbaseclusters.spec.networking.tls.static configuration." items: type: "string" type: "array" secretSource: - description: "SecretSource enables the user to specify a secret conforming to the Kubernetes TLS secret specification that is used for the Couchbase server certificate, and optionally the Operator's client certificate, providing cert-manager compatibility without having to specify a separate root CA. A server CA certificate must be supplied by one of the provided methods. Certificates referred to must conform to the keys of well-known type \"kubernetes.io/tls\" with \"tls.crt\" and \"tls.key\". If the \"tls.key\" is an encrypted private key then the secret type can be the generic Opaque type since \"kubernetes.io/tls\" type secrets cannot verify encrypted keys." + description: "SecretSource enables the user to specify a secret conforming to the Kubernetes TLS\nsecret specification that is used for the Couchbase server certificate, and optionally\nthe Operator's client certificate, providing cert-manager compatibility without having\nto specify a separate root CA. A server CA certificate must be supplied by one of the\nprovided methods. Certificates referred to must conform to the keys of well-known type\n\"kubernetes.io/tls\" with \"tls.crt\" and \"tls.key\". If the \"tls.key\" is an encrypted\nprivate key then the secret type can be the generic Opaque type since \"kubernetes.io/tls\"\ntype secrets cannot verify encrypted keys." properties: clientSecretName: - description: "ClientSecretName specifies the secret name, in the same namespace as the cluster, the contains client TLS data. The secret is expected to contain \"tls.crt\" and \"tls.key\" as per the Kubernetes.io/tls secret type." + description: "ClientSecretName specifies the secret name, in the same namespace as the cluster,\nthe contains client TLS data. The secret is expected to contain \"tls.crt\" and\n\"tls.key\" as per the Kubernetes.io/tls secret type." type: "string" serverSecretName: - description: "ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains server TLS data. The secret is expected to contain \"tls.crt\" and \"tls.key\" as per the kubernetes.io/tls secret type. It may also contain \"ca.crt\". Only a single PEM formated x509 certificate can be provided to \"ca.crt\". The single certificate may also bundle together multiple root CA certificates. Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater." + description: "ServerSecretName specifies the secret name, in the same namespace as the cluster,\nthat contains server TLS data. The secret is expected to contain \"tls.crt\" and\n\"tls.key\" as per the kubernetes.io/tls secret type. It may also contain \"ca.crt\".\nOnly a single PEM formated x509 certificate can be provided to \"ca.crt\".\nThe single certificate may also bundle together multiple root CA certificates.\nMultiple root CA certificates are only supported on Couchbase Server 7.1 and greater." type: "string" required: - "serverSecretName" type: "object" static: - description: "DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. Static enables user to generate static x509 certificates and keys, put them into Kubernetes secrets, and specify them here. Static secrets are Couchbase specific, and follow no well-known standards." + description: "DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource.\nStatic enables user to generate static x509 certificates and keys,\nput them into Kubernetes secrets, and specify them here. Static secrets\nare Couchbase specific, and follow no well-known standards." properties: operatorSecret: - description: "OperatorSecret is a secret name containing TLS certs used by operator to talk securely to this cluster. The secret must contain a CA certificate (data key ca.crt). If client authentication is enabled, then the secret must also contain a client certificate chain (data key \"couchbase-operator.crt\") and private key (data key \"couchbase-operator.key\")." + description: "OperatorSecret is a secret name containing TLS certs used by operator to\ntalk securely to this cluster. The secret must contain a CA certificate (data key\nca.crt). If client authentication is enabled, then the secret must also contain\na client certificate chain (data key \"couchbase-operator.crt\") and private key\n(data key \"couchbase-operator.key\")." type: "string" serverSecret: - description: "ServerSecret is a secret name containing TLS certs used by each Couchbase member pod for the communication between Couchbase server and its clients. The secret must contain a certificate chain (data key \"chain.pem\") and a private key (data key \"pkey.key\"). The private key must be in the PKCS#1 RSA format. The certificate chain must have a required set of X.509v3 subject alternative names for all cluster addressing modes. See the Operator TLS documentation for more information." + description: "ServerSecret is a secret name containing TLS certs used by each Couchbase member pod\nfor the communication between Couchbase server and its clients. The secret must\ncontain a certificate chain (data key \"chain.pem\") and a private\nkey (data key \"pkey.key\"). The private key must be in the PKCS#1 RSA\nformat. The certificate chain must have a required set of X.509v3 subject alternative\nnames for all cluster addressing modes. See the Operator TLS documentation for more\ninformation." type: "string" type: "object" tlsMinimumVersion: default: "TLS1.2" - description: "TLSMinimumVersion specifies the minimum TLS version the Couchbase server can negotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward." + description: "TLSMinimumVersion specifies the minimum TLS version the Couchbase server can\nnegotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3,\ndefaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward.\nTLS1.0 and TLS1.1 are not valid for Couchbase Server 7.6.0 onward." enum: - "TLS1.0" - "TLS1.1" @@ -1132,115 +1360,124 @@ spec: type: "object" waitForAddressReachable: default: "10m" - description: "WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial `waitForAddressReachableDelay` to allow propagation." + description: "WaitForAddressReachable is used to set the timeout between when polling of\nexternal addresses is started, and when it is deemed a failure. Polling of\nDNS name availability inherently dangerous due to negative caching, so prefer\nthe use of an initial `waitForAddressReachableDelay` to allow propagation." type: "string" waitForAddressReachableDelay: default: "2m" - description: "WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses." + description: "WaitForAddressReachableDelay is used to defer operator checks that\nensure external addresses are reachable before new nodes are balanced\nin to the cluster. This prevents negative DNS caching while waiting\nfor external-DDNS controllers to propagate addresses." type: "string" type: "object" + onlineVolumeExpansionTimeoutInMins: + description: "OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes\nfor expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true.\nValue must be between 0 and 30.\nIf no value is provided, then it defaults to 10 minutes." + maximum: 30.0 + minimum: 0.0 + type: "integer" paused: - description: "Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action." + description: "Paused is to pause the control of the operator for the Couchbase cluster.\nThis does not pause the cluster itself, instead stopping the operator from\ntaking any action." type: "boolean" platform: - description: "Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of \"aws\", \"gke\" or \"azure\"." + description: "Platform gives a hint as to what platform we are running on and how\nto configure services. This field must be one of \"aws\", \"gke\" or \"azure\"." enum: - "aws" - "gce" - "azure" type: "string" recoveryPolicy: - description: "RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either \"PrioritizeDataIntegrity\" or \"PrioritizeUptime\", defaulting to \"PrioritizeDataIntegrity\"." + description: "RecoveryPolicy controls how aggressive the Operator is when recovering cluster\ntopology. When PrioritizeDataIntegrity, the Operator will delegate failover\nexclusively to Couchbase server, relying on it to only allow recovery when safe to\ndo so. When PrioritizeUptime, the Operator will wait for a period after the\nexpected auto-failover of the cluster, before forcefully failing-over the pods.\nThis may cause data loss, and is only expected to be used on clusters with ephemeral\ndata, where the loss of the pod means that the data is known to be unrecoverable.\nThis field must be either \"PrioritizeDataIntegrity\" or \"PrioritizeUptime\", defaulting\nto \"PrioritizeDataIntegrity\"." enum: - "PrioritizeDataIntegrity" - "PrioritizeUptime" type: "string" rollingUpgrade: - description: "When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased." + description: "When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod\nat a time. If this field is specified then that number can be increased." properties: maxUpgradable: - description: "MaxUpgradable allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be greater than zero. The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if both are defined." + description: "MaxUpgradable allows the number of pods affected by an upgrade at any\none time to be increased. By default a rolling upgrade will\nupgrade one pod at a time. This field allows that limit to be removed.\nThis field must be greater than zero.\nThe smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if\nboth are defined." minimum: 1.0 type: "integer" maxUpgradablePercent: - description: "MaxUpgradablePercent allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be an integer percentage, e.g. \"10%\", in the range 1% to 100%. Percentages are relative to the total cluster size, and rounded down to the nearest whole number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if both are defined." + description: "MaxUpgradablePercent allows the number of pods affected by an upgrade at any\none time to be increased. By default a rolling upgrade will\nupgrade one pod at a time. This field allows that limit to be removed.\nThis field must be an integer percentage, e.g. \"10%\", in the range 1% to 100%.\nPercentages are relative to the total cluster size, and rounded down to\nthe nearest whole number, with a minimum of 1. For example, a 10 pod\ncluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration,\nrounded down to 2.\nThe smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if\nboth are defined." pattern: "^(100|[1-9][0-9]|[1-9])%$" type: "string" type: "object" security: - description: "Security defines Couchbase cluster security options such as the administrator account username and password, and user RBAC settings." + description: "Security defines Couchbase cluster security options such as the administrator\naccount username and password, and user RBAC settings." properties: adminSecret: - description: "AdminSecret is the name of a Kubernetes secret to use for administrator authentication. The admin secret must contain the keys \"username\" and \"password\". The password data must be at least 6 characters in length, and not contain the any of the characters `()<>,;:\\\"/[]?={}`." + description: "AdminSecret is the name of a Kubernetes secret to use for administrator authentication.\nThe admin secret must contain the keys \"username\" and \"password\". The password data\nmust be at least 6 characters in length, and not contain the any of the characters\n`()<>,;:\\\"/[]?={}`." type: "string" ldap: - description: "LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. When specified, the Operator keeps these settings in sync with Cocuhbase Server's LDAP configuration. Leave empty to manually manage LDAP configuration." + description: "LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server.\nWhen specified, the Operator keeps these settings in sync with Cocuhbase Server's\nLDAP configuration. Leave empty to manually manage LDAP configuration." properties: authenticationEnabled: default: true - description: "AuthenticationEnabled allows users who attempt to access Couchbase Server without having been added as local users to be authenticated against the specified LDAP Host(s)." + description: "AuthenticationEnabled allows users who attempt to access Couchbase Server without having been\nadded as local users to be authenticated against the specified LDAP Host(s)." type: "boolean" authorizationEnabled: - description: "AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to any Couchbase Server group associated with the user." + description: "AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to\nany Couchbase Server group associated with the user." type: "boolean" bindDN: - description: "DN to use for searching users and groups synchronization. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" + description: "DN to use for searching users and groups synchronization. More info:\nhttps://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" type: "string" bindSecret: - description: "BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. The bindSecret must have a key with the name \"password\" and a value which corresponds to the password of the binding LDAP user." + description: "BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding.\nThe bindSecret must have a key with the name \"password\" and a value which corresponds to the\npassword of the binding LDAP user." type: "string" cacert: - description: "DEPRECATED - Field is ignored, use tlsSecret. CA Certificate in PEM format to be used in LDAP server certificate validation. This cert is the string form of the secret provided to `spec.tls.tlsSecret`." + description: "DEPRECATED - Field is ignored, use tlsSecret.\nCA Certificate in PEM format to be used in LDAP server certificate validation.\nThis cert is the string form of the secret provided to `spec.tls.tlsSecret`." type: "string" cacheValueLifetime: default: 30000 - description: "Lifetime of values in cache in milliseconds. Default 300000 ms. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" + description: "Lifetime of values in cache in milliseconds. Default 300000 ms. More info:\nhttps://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" format: "int64" type: "integer" encryption: - description: "Encryption determines how the connection with the LDAP server should be encrypted. Encryption may set as either StartTLSExtension, TLS, or false. When set to \"false\" then no verification of the LDAP hostname is performed. When Encryption is StartTLSExtension, or TLS is set then the default behavior is to use the certificate already loaded into the Couchbase Cluster for certificate validation, otherwise `ldap.tlsSecret` may be set to override The Couchbase certificate." + description: "Encryption determines how the connection with the LDAP server should be encrypted.\nEncryption may set as either StartTLSExtension, TLS, or false.\nWhen set to \"false\" then no verification of the LDAP hostname is performed.\nWhen Encryption is StartTLSExtension, or TLS is set then the default behavior is to\nuse the certificate already loaded into the Couchbase Cluster for certificate validation,\notherwise `ldap.tlsSecret` may be set to override The Couchbase certificate." enum: - "None" - "StartTLSExtension" - "TLS" type: "string" groupsQuery: - description: "LDAP query, to get the users' groups by username in RFC4516 format. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" + description: "LDAP query, to get the users' groups by username in RFC4516 format. More info:\nhttps://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" type: "string" hosts: - description: "List of LDAP hosts to provide authentication-support for Couchbase Server. Host name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147." + description: "List of LDAP hosts to provide authentication-support for Couchbase Server.\nHost name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147." items: type: "string" minItems: 1 type: "array" + middleboxCompMode: + default: true + description: "Sets middlebox compatibility mode for LDAP. This option is only available on\nCouchbase Server 7.6.0+." + type: "boolean" nestedGroupsEnabled: - description: "If enabled Couchbase server will try to recursively search for groups for every discovered ldap group. groups_query will be user for the search. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" + description: "If enabled Couchbase server will try to recursively search for groups\nfor every discovered ldap group. groups_query will be user for the search.\nMore info:\nhttps://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" type: "boolean" nestedGroupsMaxDepth: default: 10 - description: "Maximum number of recursive groups requests the server is allowed to perform. Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" + description: "Maximum number of recursive groups requests the server is allowed to perform.\nRequires NestedGroupsEnabled. Values between 1 and 100: the default is 10.\nMore info:\nhttps://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" format: "int64" maximum: 100.0 minimum: 1.0 type: "integer" port: default: 389 - description: "LDAP port. This is typically 389 for LDAP, and 636 for LDAPS." + description: "LDAP port.\nThis is typically 389 for LDAP, and 636 for LDAPS." type: "integer" serverCertValidation: description: "Whether server certificate validation be enabled." type: "boolean" tlsSecret: - description: "TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert. If TLSSecret is not provided, certificates found in `couchbaseclusters.spec.networking.tls.rootCAs` will be used instead. If provided, the secret must contain the ca to be used under the name \"ca.crt\"." + description: "TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert.\nIf TLSSecret is not provided, certificates found in `couchbaseclusters.spec.networking.tls.rootCAs`\nwill be used instead.\nIf provided, the secret must contain the ca to be used under the name \"ca.crt\"." type: "string" userDNMapping: - description: "User to distinguished name (DN) mapping. If none is specified, the username is used as the user’s distinguished name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" + description: "User to distinguished name (DN) mapping. If none is specified,\nthe username is used as the user’s distinguished name. More info:\nhttps://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html" properties: query: description: "Query is the LDAP query to run to map from Couchbase user to LDAP distinguished name." type: "string" template: - description: "This field specifies list of templates to use for providing username to DN mapping. The template may contain a placeholder specified as `%u` to represent the Couchbase user who is attempting to gain access." + description: "This field specifies list of templates to use for providing username to DN mapping.\nThe template may contain a placeholder specified as `%u` to represent the Couchbase\nuser who is attempting to gain access." type: "string" type: "object" required: @@ -1249,28 +1486,28 @@ spec: - "port" type: "object" podSecurityContext: - description: "PodSecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "PodSecurityContext allows the configuration of the security context for all\nCouchbase server pods. When using persistent volumes you may need to set\nthe fsGroup field in order to write to the volume. For non-root clusters\nyou must also set runAsUser to 1000, corresponding to the Couchbase user\nin official container images. More info:\nhttps://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: - description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows." + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1286,25 +1523,25 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" sysctls: - description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows." + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: description: "Sysctl defines a kernel parameter to be set" properties: @@ -1320,19 +1557,19 @@ spec: type: "object" type: "array" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -1343,21 +1580,21 @@ spec: description: "Managed defines whether RBAC is managed by us or the clients." type: "boolean" selector: - description: "Selector is a label selector used to list RBAC resources in the namespace that are managed by the Operator." + description: "Selector is a label selector used to list RBAC resources in the namespace\nthat are managed by the Operator." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1369,18 +1606,19 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nUse securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1396,27 +1634,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1432,37 +1670,37 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" uiSessionTimeout: default: 0 - description: "UISessionTimeout sets how long, in minutes, before a user is declared inactive and signed out from the Couchbase Server UI. 0 represents no time out." + description: "UISessionTimeout sets how long, in minutes, before a user is declared inactive\nand signed out from the Couchbase Server UI.\n0 represents no time out." maximum: 16666.0 minimum: 0.0 type: "integer" @@ -1470,28 +1708,28 @@ spec: - "adminSecret" type: "object" securityContext: - description: "DEPRECATED - by spec.security.securityContext SecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "DEPRECATED - by spec.security.securityContext\nSecurityContext allows the configuration of the security context for all\nCouchbase server pods. When using persistent volumes you may need to set\nthe fsGroup field in order to write to the volume. For non-root clusters\nyou must also set runAsUser to 1000, corresponding to the Couchbase user\nin official container images. More info:\nhttps://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: - description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows." + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1507,25 +1745,25 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" sysctls: - description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows." + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: description: "Sysctl defines a kernel parameter to be set" properties: @@ -1541,34 +1779,34 @@ spec: type: "object" type: "array" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" serverGroups: - description: "ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key \"topology.kubernetes.io/zone\", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the \"topology.kubernetes.io/zone\" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups." + description: "ServerGroups define the set of availability zones you want to distribute\npods over, and construct Couchbase server groups for. By default, most\ncloud providers will label nodes with the key \"topology.kubernetes.io/zone\",\nthe values associated with that key are used here to provide explicit\nscheduling by the Operator. You may manually label nodes using the\n\"topology.kubernetes.io/zone\" key, to provide failure-domain\naware scheduling when none is provided for you. Global server groups are\napplied to all server classes, and may be overridden on a per-server class\nbasis to give more control over scheduling and server groups." items: type: "string" type: "array" x-kubernetes-list-type: "set" servers: - description: "Servers defines server classes for the Operator to provision and manage. A server class defines what services are running and how many members make up that class. Specifying multiple server classes allows the Operator to provision clusters with Multi-Dimensional Scaling (MDS). At least one server class must be defined, and at least one server class must be running the data service." + description: "Servers defines server classes for the Operator to provision and manage.\nA server class defines what services are running and how many members make\nup that class. Specifying multiple server classes allows the Operator to\nprovision clusters with Multi-Dimensional Scaling (MDS). At least one server\nclass must be defined, and at least one server class must be running the data\nservice." items: properties: autoscaleEnabled: - description: "AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. When true, the Operator will create a CouchbaseAutoscaler resource for this server class. The CouchbaseAutoscaler implements the Kubernetes scale API and can be controlled by the Kubernetes horizontal pod autoscaler (HPA)." + description: "AutoscaledEnabled defines whether the autoscaling feature is enabled for this class.\nWhen true, the Operator will create a CouchbaseAutoscaler resource for this\nserver class. The CouchbaseAutoscaler implements the Kubernetes scale API and\ncan be controlled by the Kubernetes horizontal pod autoscaler (HPA)." type: "boolean" env: description: "Env allows the setting of environment variables in the Couchbase server container." @@ -1579,7 +1817,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1591,7 +1829,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1599,8 +1837,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1611,8 +1850,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1630,6 +1870,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -1637,7 +1878,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1645,6 +1886,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -1659,12 +1901,13 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" type: "boolean" type: "object" + x-kubernetes-map-type: "atomic" prefix: description: "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" @@ -1672,39 +1915,44 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" type: "boolean" type: "object" + x-kubernetes-map-type: "atomic" type: "object" type: "array" + image: + description: "Image is the container image name that will be used to launch Couchbase\nserver instances in this server class. You cannot downgrade the Couchbase\nversion. Across spec.image and all server classes there can only be two\ndifferent Couchbase images. Updating this field to a value different than\nspec.image will cause an automatic upgrade of the server class. If it isn't\nspecified then the cluster image will be used." + pattern: "^(.*?(:\\d+)?/)?.*?/.*?(:.*?\\d+\\.\\d+\\.\\d+.*|@sha256:[0-9a-f]{64})$" + type: "string" name: - description: "Name is a textual name for the server configuration and must be unique. The name is used by the operator to uniquely identify a server class, and map pods back to an intended configuration." + description: "Name is a textual name for the server configuration and must be unique.\nThe name is used by the operator to uniquely identify a server class,\nand map pods back to an intended configuration." type: "string" pod: - description: "Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core" + description: "Pod defines a template used to create pod for each Couchbase server\ninstance. Modifying pod metadata such as labels and annotations will\nupdate the pod in-place. Any other modification will result in a cluster\nupgrade in order to fulfill the request. The Operator reserves the right\nto modify or replace any field. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core" properties: metadata: - description: "Standard objects metadata. This is a curated version for use with Couchbase resource templates." + description: "Standard objects metadata. This is a curated version for use with Couchbase\nresource templates." properties: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + description: "Annotations is an unstructured key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. They\nare not queryable and should be preserved when modifying objects. More\ninfo: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: type: "string" - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + description: "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services. More info: http://kubernetes.io/docs/user-guide/labels" type: "object" type: "object" spec: description: "PodSpec is a description of a pod." properties: activeDeadlineSeconds: - description: "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer." + description: "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer." format: "int64" type: "integer" affinity: @@ -1714,9 +1962,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -1724,16 +1972,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1745,16 +1993,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1764,6 +2012,7 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." format: "int32" @@ -1774,26 +2023,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1805,16 +2054,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -1824,16 +2073,18 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" type: "array" required: - "nodeSelectorTerms" type: "object" + x-kubernetes-map-type: "atomic" type: "object" podAffinity: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -1846,16 +2097,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1867,25 +2118,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1897,22 +2149,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -1921,9 +2174,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -1931,16 +2184,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1952,25 +2205,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1982,16 +2236,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -2002,7 +2257,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -2015,16 +2270,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2036,25 +2291,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2066,22 +2322,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -2090,9 +2347,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -2100,16 +2357,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2121,25 +2378,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2151,16 +2409,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -2172,15 +2431,15 @@ spec: description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted." type: "boolean" dnsConfig: - description: "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + description: "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy." properties: nameservers: - description: "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed." + description: "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed." items: type: "string" type: "array" options: - description: "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy." + description: "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy." items: description: "PodDNSConfigOption defines DNS resolver options of a pod." properties: @@ -2192,53 +2451,54 @@ spec: type: "object" type: "array" searches: - description: "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed." + description: "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed." items: type: "string" type: "array" type: "object" dnsPolicy: - description: "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + description: "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'." type: "string" enableServiceLinks: - description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." + description: "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true." type: "boolean" hostIPC: - description: "Use the host's ipc namespace. Optional: Default to false." + description: "Use the host's ipc namespace.\nOptional: Default to false." type: "boolean" hostNetwork: - description: "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false." + description: "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false." type: "boolean" hostPID: - description: "Use the host's pid namespace. Optional: Default to false." + description: "Use the host's pid namespace.\nOptional: Default to false." type: "boolean" hostUsers: - description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." + description: "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." type: "boolean" imagePullSecrets: - description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" + description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" items: - description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" + x-kubernetes-map-type: "atomic" type: "array" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements." + description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." type: "string" nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. \n If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions \n If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: - description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" + description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" type: "string" required: - "name" @@ -2250,84 +2510,124 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" + description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" type: "object" preemptionPolicy: - description: "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset." + description: "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset." type: "string" priority: - description: "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority." + description: "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority." format: "int32" type: "integer" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default." + description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." type: "string" + resourceClaims: + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + items: + description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + properties: + name: + description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." + type: "string" + source: + description: "Source describes where to find the ResourceClaim." + properties: + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" runtimeClassName: - description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" + description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" type: "string" schedulerName: - description: "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler." + description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" + schedulingGates: + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.\n\n\nThis is a beta feature enabled by the PodSchedulingReadiness feature gate." + items: + description: "PodSchedulingGate is associated to a Pod to guard its scheduling." + properties: + name: + description: "Name of the scheduling gate.\nEach scheduling gate must have a unique name field." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" serviceAccount: - description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." + description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead." type: "string" serviceAccountName: - description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" + description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" type: "string" setHostnameAsFQDN: - description: "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false." + description: "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false." type: "boolean" shareProcessNamespace: - description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." + description: "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false." type: "boolean" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds." + description: "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds." format: "int64" type: "integer" tolerations: description: "If specified, the pod's tolerations." items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" topologySpreadConstraints: - description: "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." + description: "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." items: description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." properties: labelSelector: - description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2339,34 +2639,35 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." type: "string" whenUnsatisfiable: - description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." type: "string" required: - "maxSkew" @@ -2381,8 +2682,23 @@ spec: type: "object" type: "object" resources: - description: "Resources are the resource requirements for the Couchbase server container. This field overrides any automatic allocation as defined by `spec.autoResourceAllocation`." + description: "Resources are the resource requirements for the Couchbase server container.\nThis field overrides any automatic allocation as defined by\n`spec.autoResourceAllocation`." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2390,7 +2706,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2399,17 +2715,17 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" serverGroups: - description: "ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key \"topology.kubernetes.io/zone\", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the \"topology.kubernetes.io/zone\" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups." + description: "ServerGroups define the set of availability zones you want to distribute\npods over, and construct Couchbase server groups for. By default, most\ncloud providers will label nodes with the key \"topology.kubernetes.io/zone\",\nthe values associated with that key are used here to provide explicit\nscheduling by the Operator. You may manually label nodes using the\n\"topology.kubernetes.io/zone\" key, to provide failure-domain\naware scheduling when none is provided for you. Global server groups are\napplied to all server classes, and may be overridden on a per-server class\nbasis to give more control over scheduling and server groups." items: type: "string" type: "array" x-kubernetes-list-type: "set" services: - description: "Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of \"data\", \"index\", \"query\", \"search\", \"eventing\" or \"analytics\". Each service may only be specified once." + description: "Services is the set of Couchbase services to run on this server class.\nAt least one class must contain the data service. The field may contain\nany of \"data\", \"index\", \"query\", \"search\", \"eventing\" or \"analytics\".\nEach service may only be specified once." items: description: "Supported services" enum: @@ -2424,28 +2740,28 @@ spec: type: "array" x-kubernetes-list-type: "set" size: - description: "Size is the expected requested of the server class. This field must be greater than or equal to 1." + description: "Size is the expected requested of the server class. This field\nmust be greater than or equal to 1." minimum: 1.0 type: "integer" volumeMounts: description: "VolumeMounts define persistent volume claims to attach to pod." properties: analytics: - description: "AnalyticsClaims are persistent volumes that encompass analytics storage associated with the analytics service. Analytics claims can only be used on server classes running the analytics service, and must be used in conjunction with the default claim. This field allows the analytics service to use different storage media (e.g. SSD), and scale horizontally, to improve performance of this service. This field references a volume claim template name as defined in \"spec.volumeClaimTemplates\"." + description: "AnalyticsClaims are persistent volumes that encompass analytics storage associated\nwith the analytics service. Analytics claims can only be used on server classes\nrunning the analytics service, and must be used in conjunction with the default claim.\nThis field allows the analytics service to use different storage media (e.g. SSD), and\nscale horizontally, to improve performance of this service. This field references a volume\nclaim template name as defined in \"spec.volumeClaimTemplates\"." items: type: "string" type: "array" data: - description: "DataClaim is a persistent volume that encompasses key/value storage associated with the data service. The data claim can only be used on server classes running the data service, and must be used in conjunction with the default claim. This field allows the data service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in \"spec.volumeClaimTemplates\"." + description: "DataClaim is a persistent volume that encompasses key/value storage associated\nwith the data service. The data claim can only be used on server classes running\nthe data service, and must be used in conjunction with the default claim. This\nfield allows the data service to use different storage media (e.g. SSD) to\nimprove performance of this service. This field references a volume\nclaim template name as defined in \"spec.volumeClaimTemplates\"." type: "string" default: - description: "DefaultClaim is a persistent volume that encompasses all Couchbase persistent data, including document storage, indexes and logs. The default volume can be used with any server class. Use of the default claim allows the Operator to recover failed pods from the persistent volume far quicker than if the pod were using ephemeral storage. The default claim cannot be used at the same time as the logs claim within the same server class. This field references a volume claim template name as defined in \"spec.volumeClaimTemplates\"." + description: "DefaultClaim is a persistent volume that encompasses all Couchbase persistent\ndata, including document storage, indexes and logs. The default volume can be\nused with any server class. Use of the default claim allows the Operator to\nrecover failed pods from the persistent volume far quicker than if the pod were\nusing ephemeral storage. The default claim cannot be used at the same time\nas the logs claim within the same server class. This field references a volume\nclaim template name as defined in \"spec.volumeClaimTemplates\"." type: "string" index: - description: "IndexClaim s a persistent volume that encompasses index storage associated with the index and search services. The index claim can only be used on server classes running the index or search services, and must be used in conjunction with the default claim. This field allows the index and/or search service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in \"spec.volumeClaimTemplates\". Whilst this references index primarily, note that the full text search (FTS) service also uses this same mount." + description: "IndexClaim s a persistent volume that encompasses index storage associated\nwith the index and search services. The index claim can only be used on server classes running\nthe index or search services, and must be used in conjunction with the default claim. This\nfield allows the index and/or search service to use different storage media (e.g. SSD) to\nimprove performance of this service. This field references a volume\nclaim template name as defined in \"spec.volumeClaimTemplates\".\nWhilst this references index primarily, note that the full text search (FTS) service\nalso uses this same mount." type: "string" logs: - description: "LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid with supporting the product. The logs claim can only be used on server classes running the following services: query, search & eventing. The logs claim cannot be used at the same time as the default claim within the same server class. This field references a volume claim template name as defined in \"spec.volumeClaimTemplates\". Whilst the logs claim can be used with the search service, the recommendation is to use the default claim for these. The reason for this is that a failure of these nodes will require indexes to be rebuilt and subsequent performance impact." + description: "LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid\nwith supporting the product. The logs claim can only be used on server classes running\nthe following services: query, search & eventing. The logs claim cannot be used at the same\ntime as the default claim within the same server class. This field references a volume\nclaim template name as defined in \"spec.volumeClaimTemplates\".\nWhilst the logs claim can be used with the search service, the recommendation is to use the\ndefault claim for these. The reason for this is that a failure of these nodes will require\nindexes to be rebuilt and subsequent performance impact." type: "string" type: "object" required: @@ -2459,50 +2775,57 @@ spec: - "name" x-kubernetes-list-type: "map" softwareUpdateNotifications: - description: "SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available." + description: "SoftwareUpdateNotifications enables software update notifications in the UI.\nWhen enabled, the UI will alert when a Couchbase server upgrade is available." type: "boolean" + upgradeProcess: + description: "UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade.\nWhen SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or\nImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will\nperform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy\nis set to ImmediateUpgrade." + enum: + - "SwapRebalance" + - "DeltaRecovery" + - "InPlaceUpgrade" + type: "string" upgradeStrategy: - description: "UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either \"RollingUpgrade\" or \"ImmediateUpgrade\", defaulting to \"RollingUpgrade\"." + description: "UpgradeStrategy controls how aggressive the Operator is when performing a cluster\nupgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This\nstrategy is slower, however less disruptive. When an immediate upgrade strategy is\nrequested, all pods are upgraded at the same time. This strategy is faster, but more\ndisruptive. This field must be either \"RollingUpgrade\" or \"ImmediateUpgrade\", defaulting\nto \"RollingUpgrade\"." enum: - "RollingUpgrade" - "ImmediateUpgrade" type: "string" volumeClaimTemplates: - description: "VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration." + description: "VolumeClaimTemplates define the desired characteristics of a volume\nthat can be requested/claimed by a pod, for example the storage class to\nuse and the volume size. Volume claim templates are referred to by name\nby server class volume mount configuration." items: properties: metadata: - description: "Standard objects metadata. This is a curated version for use with Couchbase resource templates." + description: "Standard objects metadata. This is a curated version for use with Couchbase\nresource templates." properties: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + description: "Annotations is an unstructured key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. They\nare not queryable and should be preserved when modifying objects. More\ninfo: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: type: "string" - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + description: "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services. More info: http://kubernetes.io/docs/user-guide/labels" type: "object" name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + description: "Name must be unique within a namespace. Is required when creating\nresources, although some resources may allow a client to request the\ngeneration of an appropriate name automatically. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" required: - "name" type: "object" spec: - description: "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes" + description: "PersistentVolumeClaimSpec describes the common attributes of storage devices\nand allows a Source for provider-specific attributes" properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -2510,13 +2833,31 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2524,7 +2865,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2533,7 +2874,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -2542,16 +2883,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2563,14 +2904,15 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -2582,7 +2924,7 @@ spec: type: "object" type: "array" xdcr: - description: "XDCR defines whether the Operator should manage XDCR, remote clusters and how to lookup replication resources." + description: "XDCR defines whether the Operator should manage XDCR, remote clusters and how\nto lookup replication resources." properties: managed: description: "Managed defines whether XDCR is managed by the operator or not." @@ -2593,34 +2935,34 @@ spec: description: "RemoteCluster is a reference to a remote cluster for XDCR." properties: authenticationSecret: - description: "AuthenticationSecret is a secret used to authenticate when establishing a remote connection. It is only required when not using mTLS. The secret must contain a username (secret key \"username\") and password (secret key \"password\")." + description: "AuthenticationSecret is a secret used to authenticate when establishing a\nremote connection. It is only required when not using mTLS. The secret\nmust contain a username (secret key \"username\") and password (secret key\n\"password\")." type: "string" hostname: description: "Hostname is the connection string to use to connect the remote cluster. To use IPv6, place brackets (`[`, `]`) around the IPv6 value." pattern: "^((couchbase|http)(s)?(://))?((\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b)|((([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]))|\\[(\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*\\]))(:[0-9]{0,5})?(\\\\{0,1}\\?network=[^&]+)?$" type: "string" name: - description: "Name of the remote cluster. Note that, -operator-managed is added as suffix by operator automatically to the name in order to diffrentiate from non operator managed remote clusters." + description: "Name of the remote cluster.\nNote that, -operator-managed is added as suffix by operator automatically\nto the name in order to diffrentiate from non operator managed remote clusters." type: "string" replications: - description: "Replications are replication streams from this cluster to the remote one. This field defines how to look up CouchbaseReplication resources. By default any CouchbaseReplication resources in the namespace will be considered." + description: "Replications are replication streams from this cluster to the remote one.\nThis field defines how to look up CouchbaseReplication resources. By default\nany CouchbaseReplication resources in the namespace will be considered." properties: selector: - description: "Selector allows CouchbaseReplication resources to be filtered based on labels." + description: "Selector allows CouchbaseReplication resources to be filtered\nbased on labels." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2632,21 +2974,22 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" tls: - description: "TLS if specified references a resource containing the necessary certificate data for an encrypted connection." + description: "TLS if specified references a resource containing the necessary certificate\ndata for an encrypted connection." properties: secret: - description: "Secret references a secret containing the CA certificate (data key \"ca\"), and optionally a client certificate (data key \"certificate\") and key (data key \"key\")." + description: "Secret references a secret containing the CA certificate (data key \"ca\"),\nand optionally a client certificate (data key \"certificate\") and key\n(data key \"key\")." type: "string" required: - "secret" type: "object" uuid: - description: "UUID of the remote cluster. The UUID of a CouchbaseCluster resource is advertised in the status.clusterId field of the resource." + description: "UUID of the remote cluster. The UUID of a CouchbaseCluster resource\nis advertised in the status.clusterId field of the resource." pattern: "^[0-9a-f]{32}$" type: "string" required: @@ -2676,18 +3019,18 @@ spec: anyOf: - type: "integer" - type: "string" - description: "AllocatedMemory defines the total memory allocated for constrained Couchbase services. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "AllocatedMemory defines the total memory allocated for constrained Couchbase services.\nMore info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true allocatedMemoryPercent: - description: "AllocatedMemoryPercent is set when memory resources are requested and define how much of the requested memory is allocated to constrained Couchbase services." + description: "AllocatedMemoryPercent is set when memory resources are requested and define how much of\nthe requested memory is allocated to constrained Couchbase services." type: "integer" analyticsServiceAllocation: anyOf: - type: "integer" - type: "string" - description: "AnalyticsServiceAllocation is set when the analytics service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "AnalyticsServiceAllocation is set when the analytics service is enabled for this class and\ndefines how much memory this service consumes per pod. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -2695,7 +3038,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "DataServiceAllocation is set when the data service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "DataServiceAllocation is set when the data service is enabled for this class and\ndefines how much memory this service consumes per pod. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -2703,7 +3046,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "EventingServiceAllocation is set when the eventing service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "EventingServiceAllocation is set when the eventing service is enabled for this class and\ndefines how much memory this service consumes per pod. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -2711,7 +3054,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "IndexServiceAllocation is set when the index service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "IndexServiceAllocation is set when the index service is enabled for this class and\ndefines how much memory this service consumes per pod. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -2722,7 +3065,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "RequestedMemory, if set, defines the Kubernetes resource request for the server class. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "RequestedMemory, if set, defines the Kubernetes resource request for the server class.\nMore info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -2730,7 +3073,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "SearchServiceAllocation is set when the search service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "SearchServiceAllocation is set when the search service is enabled for this class and\ndefines how much memory this service consumes per pod. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true @@ -2738,12 +3081,12 @@ spec: anyOf: - type: "integer" - type: "string" - description: "UnusedMemory is set when memory resources are requested and is the difference between the requestedMemory and allocatedMemory. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "UnusedMemory is set when memory resources are requested and is the difference between\nthe requestedMemory and allocatedMemory. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true unusedMemoryPercent: - description: "UnusedMemoryPercent is set when memory resources are requested and defines how much requested memory is not allocated. Couchbase server expects at least a 20% overhead." + description: "UnusedMemoryPercent is set when memory resources are requested and defines how much\nrequested memory is not allocated. Couchbase server expects at least a 20% overhead." type: "integer" required: - "name" @@ -2762,7 +3105,7 @@ spec: description: "CompressionMode defines how documents are compressed." type: "string" conflictResolution: - description: "ConflictResolution is relevant for `couchbase` and `ephemeral` bucket types and indicates how to resolve conflicts when using multi-master XDCR." + description: "ConflictResolution is relevant for `couchbase` and `ephemeral` bucket types\nand indicates how to resolve conflicts when using multi-master XDCR." type: "string" enableFlush: description: "EnableFlush is whether a client can delete all documents in a bucket." @@ -2771,10 +3114,10 @@ spec: description: "EnableIndexReplica is whether indexes against bucket documents are replicated." type: "boolean" evictionPolicy: - description: "EvictionPolicy is relevant for `couchbase` and `ephemeral` bucket types and indicates how documents are evicted from memory when it is exhausted." + description: "EvictionPolicy is relevant for `couchbase` and `ephemeral` bucket types\nand indicates how documents are evicted from memory when it is exhausted." type: "string" ioPriority: - description: "IoPriority is `low` or `high` depending on the number of threads spawned for data processing." + description: "IoPriority is `low` or `high` depending on the number of threads\nspawned for data processing." type: "string" memoryQuota: description: "BucketMemoryQuota is the bucket memory quota in megabytes." @@ -2810,7 +3153,7 @@ spec: type: "object" type: "array" clusterId: - description: "ClusterID is the unique cluster UUID. This is generated every time a new cluster is created, so may vary over the lifetime of a cluster if it is recreated by disaster recovery mechanisms." + description: "ClusterID is the unique cluster UUID. This is generated every time\na new cluster is created, so may vary over the lifetime of a cluster\nif it is recreated by disaster recovery mechanisms." type: "string" conditions: description: "Current service state of the Couchbase cluster." @@ -2852,10 +3195,10 @@ spec: type: "object" type: "array" controlPaused: - description: "ControlPaused indicates if the Operator has acknowledged and paused the control of the cluster." + description: "ControlPaused indicates if the Operator has acknowledged and paused the\ncontrol of the cluster." type: "boolean" currentVersion: - description: "CurrentVersion is the current Couchbase version. This reflects the version of the whole cluster, therefore during upgrade, it is only updated when the upgrade has completed." + description: "CurrentVersion is the current Couchbase version. This reflects the\nversion of the whole cluster, therefore during upgrade, it is only\nupdated when the upgrade has completed." type: "string" groups: description: "Groups describes all the groups managed by the cluster." @@ -2866,18 +3209,18 @@ spec: description: "Members are the Couchbase members in the cluster." properties: ready: - description: "Ready are the Couchbase members that are clustered and ready to serve client requests. The member names are the same as the Couchbase pod names." + description: "Ready are the Couchbase members that are clustered and ready to serve\nclient requests. The member names are the same as the Couchbase pod names." items: type: "string" type: "array" unready: - description: "Unready are the Couchbase members not clustered or unready to serve client requests. The member names are the same as the Couchbase pod names." + description: "Unready are the Couchbase members not clustered or unready to serve\nclient requests. The member names are the same as the Couchbase pod names." items: type: "string" type: "array" type: "object" size: - description: "Size is the current size of the cluster in terms of pods. Individual pod status conditions are listed in the members status." + description: "Size is the current size of the cluster in terms of pods. Individual\npod status conditions are listed in the members status." type: "integer" users: description: "Users describes all the users managed by the cluster." diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollectiongroups.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollectiongroups.yaml index 5bd8120c1..78c557c03 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollectiongroups.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollectiongroups.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasecollectiongroups.couchbase.com" spec: group: "couchbase.com" @@ -17,13 +17,13 @@ spec: - name: "v2" schema: openAPIV3Schema: - description: "CouchbaseCollectionGroup represent the finest grained size of data storage in Couchbase. Collections contain all documents and indexes in the system. Collections also form the finest grain basis for role-based access control (RBAC) and cross-datacenter replication (XDCR). In order to be considered by the Operator, every collection group must be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. Unlike the CouchbaseCollection resource, a collection group represents multiple collections, with common configuration parameters, to be expressed as a single resource, minimizing required configuration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC security boundaries." + description: "CouchbaseCollectionGroup represent the finest grained size of data storage in Couchbase.\nCollections contain all documents and indexes in the system. Collections also form\nthe finest grain basis for role-based access control (RBAC) and cross-datacenter\nreplication (XDCR). In order to be considered by the Operator, every collection group\nmust be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. Unlike the\nCouchbaseCollection resource, a collection group represents multiple collections, with\ncommon configuration parameters, to be expressed as a single resource, minimizing required\nconfiguration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC\nsecurity boundaries." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -31,12 +31,12 @@ spec: description: "Spec defines the desired state of the resource." properties: maxTTL: - description: "MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This field takes precedence over any TTL defined at the bucket level. This is a default, and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration" + description: "MaxTTL defines how long a document is permitted to exist for, without\nmodification, until it is automatically deleted. This field takes precedence over\nany TTL defined at the bucket level. This is a default, and maximum\ntime-to-live and may be set to a lower value by the client. If the client specifies\na higher value, then it is truncated to the maximum durability. Documents are\nremoved by Couchbase, after they have expired, when either accessed, the expiry\npager is run, or the bucket is compacted. When set to 0, then documents are not\nexpired by default. This field must be a duration in the range 0-2147483648s,\ndefaulting to 0. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" names: - description: "Names specifies the names of the collections. Unlike CouchbaseCollection, which specifies a single collection, a collection group specifies multiple, and the collection group must specify at least one collection name. Any collection names specified must be unique. Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %." + description: "Names specifies the names of the collections. Unlike CouchbaseCollection, which\nspecifies a single collection, a collection group specifies multiple, and the\ncollection group must specify at least one collection name.\nAny collection names specified must be unique.\nCollection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%]\nand not start with either _ or %." items: - description: "ScopeOrCollectionName is a generic type to capture a valid scope or collection name. These must consist of 1-251 characters, include only A-Z, a-z, 0-9, -, _ or %, and must not start with _ (which is an internal marker) or % (which is probably an escape character in language X)." + description: "ScopeOrCollectionName is a generic type to capture a valid\nscope or collection name. These must consist of 1-251 characters,\ninclude only A-Z, a-z, 0-9, -, _ or %, and must not start with\n_ (which is an internal marker) or % (which is probably an escape\ncharacter in language X)." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollections.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollections.yaml index 3dc351582..d65f28a2e 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollections.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasecollections.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasecollections.couchbase.com" spec: group: "couchbase.com" @@ -17,13 +17,13 @@ spec: - name: "v2" schema: openAPIV3Schema: - description: "CouchbaseCollection represent the finest grained size of data storage in Couchbase. Collections contain all documents and indexes in the system. Collections also form the finest grain basis for role-based access control (RBAC) and cross-datacenter replication (XDCR). In order to be considered by the Operator, every collection must be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource." + description: "CouchbaseCollection represent the finest grained size of data storage in Couchbase.\nCollections contain all documents and indexes in the system. Collections also form\nthe finest grain basis for role-based access control (RBAC) and cross-datacenter\nreplication (XDCR). In order to be considered by the Operator, every collection\nmust be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -32,10 +32,10 @@ spec: description: "Spec defines the desired state of the resource." properties: maxTTL: - description: "MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This field takes precedence over any TTL defined at the bucket level. This is a default, and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration" + description: "MaxTTL defines how long a document is permitted to exist for, without\nmodification, until it is automatically deleted. This field takes precedence over\nany TTL defined at the bucket level. This is a default, and maximum\ntime-to-live and may be set to a lower value by the client. If the client specifies\na higher value, then it is truncated to the maximum durability. Documents are\nremoved by Couchbase, after they have expired, when either accessed, the expiry\npager is run, or the bucket is compacted. When set to 0, then documents are not\nexpired by default. This field must be a duration in the range 0-2147483648s,\ndefaulting to 0. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" name: - description: "Name specifies the name of the collection. By default, the metadata.name is used to define the collection name, however, due to the limited character set, this field can be used to override the default and provide the full functionality. Additionally the `metadata.name` field is a DNS label, and thus limited to 63 characters, this field must be used if the name is longer than this limit. Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %." + description: "Name specifies the name of the collection. By default, the metadata.name is\nused to define the collection name, however, due to the limited character set,\nthis field can be used to override the default and provide the full functionality.\nAdditionally the `metadata.name` field is a DNS label, and thus limited to 63\ncharacters, this field must be used if the name is longer than this limit.\nCollection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%]\nand not start with either _ or %." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseephemeralbuckets.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseephemeralbuckets.yaml index 450bd5ed8..261c4510d 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseephemeralbuckets.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseephemeralbuckets.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbaseephemeralbuckets.couchbase.com" spec: group: "couchbase.com" @@ -36,23 +36,23 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "The CouchbaseEphemeralBucket resource defines a set of documents in Couchbase server. A Couchbase client connects to and operates on a bucket, which provides independent management of a set documents and a security boundary for role based access control. A CouchbaseEphemeralBucket provides in-memory only storage and replication for documents contained by it." + description: "The CouchbaseEphemeralBucket resource defines a set of documents in Couchbase server.\nA Couchbase client connects to and operates on a bucket, which provides independent\nmanagement of a set documents and a security boundary for role based access control.\nA CouchbaseEphemeralBucket provides in-memory only storage and replication for documents\ncontained by it." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: default: {} - description: "CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket resource, and allows the bucket to be customized." + description: "CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket\nresource, and allows the bucket to be customized." properties: compressionMode: default: "passive" - description: "CompressionMode defines how Couchbase server handles document compression. When off, documents are stored in memory, and transferred to the client uncompressed. When passive, documents are stored compressed in memory, and transferred to the client compressed when requested. When active, documents are stored compresses in memory and when transferred to the client. This field must be \"off\", \"passive\" or \"active\", defaulting to \"passive\". Be aware \"off\" in YAML 1.2 is a boolean, so must be quoted as a string in configuration files." + description: "CompressionMode defines how Couchbase server handles document compression. When\noff, documents are stored in memory, and transferred to the client uncompressed.\nWhen passive, documents are stored compressed in memory, and transferred to the\nclient compressed when requested. When active, documents are stored compresses\nin memory and when transferred to the client. This field must be \"off\", \"passive\"\nor \"active\", defaulting to \"passive\". Be aware \"off\" in YAML 1.2 is a boolean, so\nmust be quoted as a string in configuration files." enum: - "off" - "passive" @@ -60,76 +60,82 @@ spec: type: "string" conflictResolution: default: "seqno" - description: "ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number based resolution selects the document with the highest sequence number as the most recent. Timestamp based resolution selects the document that was written to most recently as the most recent. This field must be \"seqno\" (sequence based), or \"lww\" (timestamp based), defaulting to \"seqno\"." + description: "ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number\nbased resolution selects the document with the highest sequence number as the most recent.\nTimestamp based resolution selects the document that was written to most recently as the\nmost recent. This field must be \"seqno\" (sequence based), or \"lww\" (timestamp based),\ndefaulting to \"seqno\"." enum: - "seqno" - "lww" type: "string" enableFlush: - description: "EnableFlush defines whether a client can delete all documents in a bucket. This field defaults to false." + description: "EnableFlush defines whether a client can delete all documents in a bucket.\nThis field defaults to false." type: "boolean" evictionPolicy: default: "noEviction" - description: "EvictionPolicy controls how Couchbase handles memory exhaustion. No eviction means that Couchbase server will make this bucket read-only when memory is exhausted in order to avoid data loss. NRU eviction will delete documents that haven't been used recently in order to free up memory. This field must be \"noEviction\" or \"nruEviction\", defaulting to \"noEviction\"." + description: "EvictionPolicy controls how Couchbase handles memory exhaustion. No eviction means\nthat Couchbase server will make this bucket read-only when memory is exhausted in\norder to avoid data loss. NRU eviction will delete documents that haven't been used\nrecently in order to free up memory. This field must be \"noEviction\" or \"nruEviction\",\ndefaulting to \"noEviction\"." enum: - "noEviction" - "nruEviction" type: "string" ioPriority: default: "low" - description: "IOPriority controls how many threads a bucket has, per pod, to process reads and writes. This field must be \"low\" or \"high\", defaulting to \"low\". Modification of this field will cause a temporary service disruption as threads are restarted." + description: "IOPriority controls how many threads a bucket has, per pod, to process reads and writes.\nThis field must be \"low\" or \"high\", defaulting to \"low\". Modification of this field will\ncause a temporary service disruption as threads are restarted." enum: - "low" - "high" type: "string" maxTTL: - description: "MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This is a default and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration" + description: "MaxTTL defines how long a document is permitted to exist for, without\nmodification, until it is automatically deleted. This is a default and maximum\ntime-to-live and may be set to a lower value by the client. If the client specifies\na higher value, then it is truncated to the maximum durability. Documents are\nremoved by Couchbase, after they have expired, when either accessed, the expiry\npager is run, or the bucket is compacted. When set to 0, then documents are not\nexpired by default. This field must be a duration in the range 0-2147483648s,\ndefaulting to 0. More info:\nhttps://golang.org/pkg/time/#ParseDuration" type: "string" memoryQuota: anyOf: - type: "integer" - type: "string" default: "100Mi" - description: "MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, documents will be evicted from memory defined by the eviction policy. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded,\ndocuments will be evicted from memory defined by the eviction policy. The memory quota\nis defined per Couchbase pod running the data service. This field defaults to, and must\nbe greater than or equal to 100Mi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true minimumDurability: - description: "MiniumumDurability defines how durable a document write is by default, and can be made more durable by the client. This feature enables ACID transactions. When none, Couchbase server will respond when the document is in memory, it will become eventually consistent across the cluster. When majority, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster. This field must be either \"none\" or \"majority\", defaulting to \"none\"." + description: "MiniumumDurability defines how durable a document write is by default, and can\nbe made more durable by the client. This feature enables ACID transactions.\nWhen none, Couchbase server will respond when the document is in memory, it will\nbecome eventually consistent across the cluster. When majority, Couchbase server will\nrespond when the document is replicated to at least half of the pods running the\ndata service in the cluster. This field must be either \"none\" or \"majority\",\ndefaulting to \"none\"." enum: - "none" - "majority" type: "string" name: - description: "Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. Legal bucket names have a maximum length of 100 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." + description: "Name is the name of the bucket within Couchbase server. By default the Operator\nwill use the `metadata.name` field to define the bucket name. The `metadata.name`\nfield only supports a subset of the supported character set. When specified, this\nfield overrides `metadata.name`. Legal bucket names have a maximum length of 100\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." maxLength: 100 pattern: "^[a-zA-Z0-9-_%\\.]{1,100}$" type: "string" + rank: + default: 0 + description: "Rank determines the bucket’s place in the order in which the rebalance process\nhandles the buckets on the cluster. The higher a bucket’s assigned integer\n(in relation to the integers assigned other buckets), the sooner in the\nrebalance process the bucket is handled. This assignment of rank allows a\ncluster’s most mission-critical data to be rebalanced with top priority.\nThis option is only supported for Couchbase Server 7.6.0+." + maximum: 1000.0 + minimum: 0.0 + type: "integer" replicas: default: 1 - description: "Replicas defines how many copies of documents Couchbase server maintains. This directly affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster can tolerate one data pod going down and still service requests without data loss. The number of replicas also affect memory use. With a single replica, the effective memory quota for documents is halved, with two replicas it is one third. The number of replicas must be between 0 and 3, defaulting to 1." + description: "Replicas defines how many copies of documents Couchbase server maintains. This directly\naffects how fault tolerant a Couchbase cluster is. With a single replica, the cluster\ncan tolerate one data pod going down and still service requests without data loss. The\nnumber of replicas also affect memory use. With a single replica, the effective memory\nquota for documents is halved, with two replicas it is one third. The number of replicas\nmust be between 0 and 3, defaulting to 1." maximum: 3.0 minimum: 0.0 type: "integer" scopes: - description: "Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket." + description: "Scopes defines whether the Operator manages scopes for the bucket or not, and\nthe set of scopes defined for the bucket." properties: managed: - description: "Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present." + description: "Managed defines whether scopes are managed for this bucket.\nThis field is `false` by default, and the Operator will take no actions that\nwill affect scopes and collections in this bucket. The default scope and\ncollection will be present. When set to `true`, the Operator will manage\nuser defined scopes, and optionally, their collections as defined by the\n`CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and\n`CouchbaseCollectionGroup` resource documentation. If this field is set to\n`false` while the already managed, then the Operator will leave whatever\nconfiguration is already present." type: "boolean" resources: - description: "Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency." + description: "Resources is an explicit list of named resources that will be considered\nfor inclusion in this bucket. If a resource reference doesn't\nmatch a resource, then no error conditions are raised due to undefined\nresource creation ordering and eventual consistency." items: properties: kind: default: "CouchbaseScope" - description: "Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseScope` and `CouchbaseScopeGroup` resource kinds. This field defaults to `CouchbaseScope` if not specified." + description: "Kind indicates the kind of resource that is being referenced. A scope\ncan only reference `CouchbaseScope` and `CouchbaseScopeGroup`\nresource kinds. This field defaults to `CouchbaseScope` if not\nspecified." enum: - "CouchbaseScope" - "CouchbaseScopeGroup" type: "string" name: - description: "Name is the name of the Kubernetes resource name that is being referenced. Legal scope names have a maximum length of 251 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." + description: "Name is the name of the Kubernetes resource name that is being referenced.\nLegal scope names have a maximum length of 251\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" @@ -139,21 +145,21 @@ spec: type: "object" type: "array" selector: - description: "Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta" + description: "Selector allows resources to be implicitly considered for inclusion in this\nbucket. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -165,9 +171,10 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" type: "object" type: "object" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasegroups.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasegroups.yaml index 4d0f9bd00..b3df4187b 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasegroups.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasegroups.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasegroups.couchbase.com" spec: group: "couchbase.com" @@ -20,10 +20,10 @@ spec: description: "CouchbaseGroup allows the automation of Couchbase group management." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -38,19 +38,19 @@ spec: items: properties: bucket: - description: "Bucket name for bucket admin roles. When not specified for a role that can be scoped to a specific bucket, the role will apply to all buckets in the cluster. Deprecated: Couchbase Autonomous Operator 2.3" + description: "Bucket name for bucket admin roles. When not specified for a role that can be scoped\nto a specific bucket, the role will apply to all buckets in the cluster.\nDeprecated: Couchbase Autonomous Operator 2.3" pattern: "^\\*$|^[a-zA-Z0-9-_%\\.]+$" type: "string" buckets: - description: "Bucket level access to apply to specified role. The bucket must exist. When not specified, the bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role will apply to all buckets in the cluster" + description: "Bucket level access to apply to specified role. The bucket must exist. When not specified,\nthe bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role\nwill apply to all buckets in the cluster" properties: resources: - description: "Resources is an explicit list of named bucket resources that will be considered for inclusion in this role. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency." + description: "Resources is an explicit list of named bucket resources that will be considered\nfor inclusion in this role. If a resource reference doesn't\nmatch a resource, then no error conditions are raised due to undefined\nresource creation ordering and eventual consistency." items: properties: kind: default: "CouchbaseBucket" - description: "Kind indicates the kind of resource that is being referenced. A Role can only reference `CouchbaseBucket` kind. This field defaults to `CouchbaseBucket` if not specified." + description: "Kind indicates the kind of resource that is being referenced. A Role\ncan only reference `CouchbaseBucket` kind. This field defaults\nto `CouchbaseBucket` if not specified." enum: - "CouchbaseBucket" type: "string" @@ -62,21 +62,21 @@ spec: type: "object" type: "array" selector: - description: "Selector allows resources to be implicitly considered for inclusion in this role. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta" + description: "Selector allows resources to be implicitly considered for inclusion in this\nrole. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -88,26 +88,27 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" collections: - description: "Collection level access to apply to the specified role. The collection must exist. When not specified, the role is subject to scope or bucket level access." + description: "Collection level access to apply to the specified role. The collection must exist.\nWhen not specified, the role is subject to scope or bucket level access." properties: resources: - description: "Resources is an explicit list of named resources that will be considered for inclusion in this collection or collections. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency." + description: "Resources is an explicit list of named resources that will be considered\nfor inclusion in this collection or collections. If a resource reference doesn't\nmatch a resource, then no error conditions are raised due to undefined\nresource creation ordering and eventual consistency." items: properties: kind: default: "CouchbaseCollection" - description: "Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` resource kinds. This field defaults to `CouchbaseCollection` if not specified." + description: "Kind indicates the kind of resource that is being referenced. A scope\ncan only reference `CouchbaseCollection` and `CouchbaseCollectionGroup`\nresource kinds. This field defaults to `CouchbaseCollection` if not\nspecified." enum: - "CouchbaseCollection" - "CouchbaseCollectionGroup" type: "string" name: - description: "Name is the name of the Kubernetes resource name that is being referenced. Legal collection names have a maximum length of 251 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." + description: "Name is the name of the Kubernetes resource name that is being referenced.\nLegal collection names have a maximum length of 251\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" @@ -117,21 +118,21 @@ spec: type: "object" type: "array" selector: - description: "Selector allows resources to be implicitly considered for inclusion in this collection or collections. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta" + description: "Selector allows resources to be implicitly considered for inclusion in this\ncollection or collections. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -143,9 +144,10 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" name: description: "Name of role." @@ -198,23 +200,24 @@ spec: - "security_admin_local" - "views_admin" - "views_reader" + - "eventing_manage_functions" type: "string" scopes: - description: "Scope level access to apply to specified role. The scope must exist. When not specified, the role will apply to selected bucket or all buckets in the cluster." + description: "Scope level access to apply to specified role. The scope must exist. When not specified,\nthe role will apply to selected bucket or all buckets in the cluster." properties: resources: - description: "Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency." + description: "Resources is an explicit list of named resources that will be considered\nfor inclusion in this scope or scopes. If a resource reference doesn't\nmatch a resource, then no error conditions are raised due to undefined\nresource creation ordering and eventual consistency." items: properties: kind: default: "CouchbaseScope" - description: "Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseScope` and `CouchbaseScopeGroup` resource kinds. This field defaults to `CouchbaseScope` if not specified." + description: "Kind indicates the kind of resource that is being referenced. A scope\ncan only reference `CouchbaseScope` and `CouchbaseScopeGroup`\nresource kinds. This field defaults to `CouchbaseScope` if not\nspecified." enum: - "CouchbaseScope" - "CouchbaseScopeGroup" type: "string" name: - description: "Name is the name of the Kubernetes resource name that is being referenced. Legal scope names have a maximum length of 251 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." + description: "Name is the name of the Kubernetes resource name that is being referenced.\nLegal scope names have a maximum length of 251\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" @@ -224,21 +227,21 @@ spec: type: "object" type: "array" selector: - description: "Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta" + description: "Selector allows resources to be implicitly considered for inclusion in this\nscope or scopes. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -250,9 +253,10 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasememcachedbuckets.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasememcachedbuckets.yaml index d2633f1cc..9c78fff03 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasememcachedbuckets.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasememcachedbuckets.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasememcachedbuckets.couchbase.com" spec: group: "couchbase.com" @@ -24,34 +24,34 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "The CouchbaseMemcachedBucket resource defines a set of documents in Couchbase server. A Couchbase client connects to and operates on a bucket, which provides independent management of a set documents and a security boundary for role based access control. A CouchbaseEphemeralBucket provides in-memory only storage for documents contained by it." + description: "The CouchbaseMemcachedBucket resource defines a set of documents in Couchbase server.\nA Couchbase client connects to and operates on a bucket, which provides independent\nmanagement of a set documents and a security boundary for role based access control.\nA CouchbaseEphemeralBucket provides in-memory only storage for documents contained by it." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: default: {} - description: "CouchbaseMemcachedBucketSpec is the specification for a Memcached bucket resource, and allows the bucket to be customized." + description: "CouchbaseMemcachedBucketSpec is the specification for a Memcached bucket\nresource, and allows the bucket to be customized." properties: enableFlush: - description: "EnableFlush defines whether a client can delete all documents in a bucket. This field defaults to false." + description: "EnableFlush defines whether a client can delete all documents in a bucket.\nThis field defaults to false." type: "boolean" memoryQuota: anyOf: - type: "integer" - type: "string" default: "100Mi" - description: "MemoryQuota is a memory limit to the size of a bucket. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" + description: "MemoryQuota is a memory limit to the size of a bucket. The memory quota\nis defined per Couchbase pod running the data service. This field defaults to, and must\nbe greater than or equal to 100Mi. More info:\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" type: "string" x-kubernetes-int-or-string: true name: - description: "Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. Legal bucket names have a maximum length of 100 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." + description: "Name is the name of the bucket within Couchbase server. By default the Operator\nwill use the `metadata.name` field to define the bucket name. The `metadata.name`\nfield only supports a subset of the supported character set. When specified, this\nfield overrides `metadata.name`. Legal bucket names have a maximum length of 100\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." maxLength: 100 pattern: "^[a-zA-Z0-9-_%\\.]{1,100}$" type: "string" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasemigrationreplications.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasemigrationreplications.yaml index ff3273316..2a98bb51f 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasemigrationreplications.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasemigrationreplications.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasemigrationreplications.couchbase.com" spec: group: "couchbase.com" @@ -30,13 +30,13 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "The CouchbaseScopeMigration resource represents the use of the special migration mapping within XDCR to take a filtered list from the default scope and collection of the source bucket, replicate it to named scopes and collections within the target bucket. The bucket-to-bucket replication cannot duplicate any used by the CouchbaseReplication resource, as these two types of replication are mutually exclusive between buckets. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#migration" + description: "The CouchbaseScopeMigration resource represents the use of the special migration mapping\nwithin XDCR to take a filtered list from the default scope and collection of the source bucket,\nreplicate it to named scopes and collections within the target bucket.\nThe bucket-to-bucket replication cannot duplicate any used by the CouchbaseReplication resource,\nas these two types of replication are mutually exclusive between buckets.\nhttps://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#migration" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -46,11 +46,11 @@ spec: mappings: description: "The migration mappings to use, should never be empty as that is just an implicit bucket-to-bucket replication then." items: - description: "Indicates whether this is using migration mapping or not. This is only valid when using the default scope/collection." + description: "Indicates whether this is using migration mapping or not.\nThis is only valid when using the default scope/collection." properties: filter: default: "_default._default" - description: "A filter to select from the source default scope and collection. Defaults to select everything in the default scope and collection." + description: "A filter to select from the source default scope and collection.\nDefaults to select everything in the default scope and collection." type: "string" targetKeyspace: description: "The destination of our migration, must be a scope and collection." @@ -81,13 +81,13 @@ spec: description: "CouchbaseReplicationSpec allows configuration of an XDCR replication." properties: bucket: - description: "Bucket is the source bucket to replicate from. This refers to the Couchbase bucket name, not the resource name of the bucket. A bucket with this name must be defined on this cluster. Legal bucket names have a maximum length of 100 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." + description: "Bucket is the source bucket to replicate from. This refers to the Couchbase\nbucket name, not the resource name of the bucket. A bucket with this name must\nbe defined on this cluster. Legal bucket names have a maximum length of 100\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." maxLength: 100 pattern: "^[a-zA-Z0-9-_%\\.]{1,100}$" type: "string" compressionType: default: "Auto" - description: "CompressionType is the type of compression to apply to the replication. When None, no compression will be applied to documents as they are transferred between clusters. When Auto, Couchbase server will automatically compress documents as they are transferred to reduce bandwidth requirements. This field must be one of \"None\" or \"Auto\", defaulting to \"Auto\"." + description: "CompressionType is the type of compression to apply to the replication.\nWhen None, no compression will be applied to documents as they are\ntransferred between clusters. When Auto, Couchbase server will automatically\ncompress documents as they are transferred to reduce bandwidth requirements.\nThis field must be one of \"None\" or \"Auto\", defaulting to \"Auto\"." enum: - "None" - "Auto" @@ -96,10 +96,10 @@ spec: description: "FilterExpression allows certain documents to be filtered out of the replication." type: "string" paused: - description: "Paused allows a replication to be stopped and restarted without having to restart the replication from the beginning." + description: "Paused allows a replication to be stopped and restarted without having to\nrestart the replication from the beginning." type: "boolean" remoteBucket: - description: "RemoteBucket is the remote bucket name to synchronize to. This refers to the Couchbase bucket name, not the resource name of the bucket. Legal bucket names have a maximum length of 100 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." + description: "RemoteBucket is the remote bucket name to synchronize to. This refers to the\nCouchbase bucket name, not the resource name of the bucket. Legal bucket names\nhave a maximum length of 100 characters and may be composed of any character from\n\"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." maxLength: 100 pattern: "^[a-zA-Z0-9-_%\\.]{1,100}$" type: "string" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasereplications.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasereplications.yaml index a4e0e5fdf..5c5f29ec1 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasereplications.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasereplications.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasereplications.couchbase.com" spec: group: "couchbase.com" @@ -30,21 +30,21 @@ spec: name: "v2" schema: openAPIV3Schema: - description: "The CouchbaseReplication resource represents a Couchbase-to-Couchbase, XDCR replication stream from a source bucket to a destination bucket. This provides off-site backup, migration, and disaster recovery." + description: "The CouchbaseReplication resource represents a Couchbase-to-Couchbase, XDCR replication\nstream from a source bucket to a destination bucket. This provides off-site backup,\nmigration, and disaster recovery." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" explicitMapping: - description: "The explicit mappings to use for replication which are optional. For Scopes and Collection replication support we can specify a set of implicit and explicit mappings to use. If none is specified then it is assumed to be existing bucket level replication. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping" + description: "The explicit mappings to use for replication which are optional.\nFor Scopes and Collection replication support we can specify a set of implicit and\nexplicit mappings to use. If none is specified then it is assumed to be existing\nbucket level replication.\nhttps://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping" properties: allowRules: - description: "The list of explicit replications to carry out including any nested implicit replications: specifying a scope implicitly replicates all collections within it. There should be no duplicates, including more-specific duplicates, e.g. if you specify replication of a scope then you can only deny replication of collections within it." + description: "The list of explicit replications to carry out including any nested implicit replications:\nspecifying a scope implicitly replicates all collections within it.\nThere should be no duplicates, including more-specific duplicates, e.g. if you specify replication\nof a scope then you can only deny replication of collections within it." items: - description: "CouchbaseAllowReplicationMapping is to cover Scope and Collection explicit replication. If a scope is defined then it implicitly allows all collections unless a more specific CouchbaseDenyReplicationMapping rule is present to block it. Once a rule is defined at scope level it should not be redefined at collection level. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html" + description: "CouchbaseAllowReplicationMapping is to cover Scope and Collection explicit replication.\nIf a scope is defined then it implicitly allows all collections unless a more specific\nCouchbaseDenyReplicationMapping rule is present to block it.\nOnce a rule is defined at scope level it should not be redefined at collection level.\nhttps://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html" properties: sourceKeyspace: - description: "The source keyspace: where to replicate from. Source and target must match whether they have a collection or not, i.e. you cannot replicate from a scope to a collection." + description: "The source keyspace: where to replicate from.\nSource and target must match whether they have a collection or not, i.e. you cannot\nreplicate from a scope to a collection." properties: collection: description: "The optional collection within the scope. May be empty to just work at scope level." @@ -62,7 +62,7 @@ spec: - "scope" type: "object" targetKeyspace: - description: "The target keyspace: where to replicate to. Source and target must match whether they have a collection or not, i.e. you cannot replicate from a scope to a collection." + description: "The target keyspace: where to replicate to.\nSource and target must match whether they have a collection or not, i.e. you cannot\nreplicate from a scope to a collection." properties: collection: description: "The optional collection within the scope. May be empty to just work at scope level." @@ -85,9 +85,9 @@ spec: type: "object" type: "array" denyRules: - description: "The list of explicit replications to prevent including any nested implicit denials: specifying a scope implicitly denies all collections within it. There should be no duplicates, including more-specific duplicates, e.g. if you specify denial of replication of a scope then you can only specify replication of collections within it." + description: "The list of explicit replications to prevent including any nested implicit denials:\nspecifying a scope implicitly denies all collections within it.\nThere should be no duplicates, including more-specific duplicates, e.g. if you specify denial of\nreplication of a scope then you can only specify replication of collections within it." items: - description: "Provide rules to block implicit replication at scope or collection level. You may want to implicitly map all scopes or collections except a specific one (or set) so this is a better way to express that by creating rules just for those to deny." + description: "Provide rules to block implicit replication at scope or collection level.\nYou may want to implicitly map all scopes or collections except a specific one (or set) so this\nis a better way to express that by creating rules just for those to deny." properties: sourceKeyspace: description: "The source keyspace: where to block replication from." @@ -113,7 +113,7 @@ spec: type: "array" type: "object" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -121,13 +121,13 @@ spec: description: "CouchbaseReplicationSpec allows configuration of an XDCR replication." properties: bucket: - description: "Bucket is the source bucket to replicate from. This refers to the Couchbase bucket name, not the resource name of the bucket. A bucket with this name must be defined on this cluster. Legal bucket names have a maximum length of 100 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." + description: "Bucket is the source bucket to replicate from. This refers to the Couchbase\nbucket name, not the resource name of the bucket. A bucket with this name must\nbe defined on this cluster. Legal bucket names have a maximum length of 100\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." maxLength: 100 pattern: "^[a-zA-Z0-9-_%\\.]{1,100}$" type: "string" compressionType: default: "Auto" - description: "CompressionType is the type of compression to apply to the replication. When None, no compression will be applied to documents as they are transferred between clusters. When Auto, Couchbase server will automatically compress documents as they are transferred to reduce bandwidth requirements. This field must be one of \"None\" or \"Auto\", defaulting to \"Auto\"." + description: "CompressionType is the type of compression to apply to the replication.\nWhen None, no compression will be applied to documents as they are\ntransferred between clusters. When Auto, Couchbase server will automatically\ncompress documents as they are transferred to reduce bandwidth requirements.\nThis field must be one of \"None\" or \"Auto\", defaulting to \"Auto\"." enum: - "None" - "Auto" @@ -136,10 +136,10 @@ spec: description: "FilterExpression allows certain documents to be filtered out of the replication." type: "string" paused: - description: "Paused allows a replication to be stopped and restarted without having to restart the replication from the beginning." + description: "Paused allows a replication to be stopped and restarted without having to\nrestart the replication from the beginning." type: "boolean" remoteBucket: - description: "RemoteBucket is the remote bucket name to synchronize to. This refers to the Couchbase bucket name, not the resource name of the bucket. Legal bucket names have a maximum length of 100 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." + description: "RemoteBucket is the remote bucket name to synchronize to. This refers to the\nCouchbase bucket name, not the resource name of the bucket. Legal bucket names\nhave a maximum length of 100 characters and may be composed of any character from\n\"a-z\", \"A-Z\", \"0-9\" and \"-_%\\.\"." maxLength: 100 pattern: "^[a-zA-Z0-9-_%\\.]{1,100}$" type: "string" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaserolebindings.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaserolebindings.yaml index 3d827123b..95509f404 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaserolebindings.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaserolebindings.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbaserolebindings.couchbase.com" spec: group: "couchbase.com" @@ -20,15 +20,15 @@ spec: description: "CouchbaseRoleBinding allows association of Couchbase users with groups." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "CouchbaseRoleBindingSpec defines the group of subjects i.e. users, and the role i.e. group they are a member of." + description: "CouchbaseRoleBindingSpec defines the group of subjects i.e. users, and the\nrole i.e. group they are a member of." properties: roleRef: description: "CouchbaseGroup being bound to subjects." diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopegroups.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopegroups.yaml index 64e208cc6..8e92ddc57 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopegroups.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopegroups.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasescopegroups.couchbase.com" spec: group: "couchbase.com" @@ -17,13 +17,13 @@ spec: - name: "v2" schema: openAPIV3Schema: - description: "CouchbaseScopeGroup represents a logical unit of data storage that sits between buckets and collections e.g. a bucket may contain multiple scopes, and a scope may contain multiple collections. At present, scopes are not nested, so provide only a single level of abstraction. Scopes provide a coarser grained basis for role-based access control (RBAC) and cross-datacenter replication (XDCR) than collections, but finer that buckets. In order to be considered by the Operator, a scope must be referenced by either a `CouchbaseBucket` or `CouchbaseEphemeralBucket` resource. Unlike `CouchbaseScope` resources, scope groups represents multiple scopes, with the same common set of collections, to be expressed as a single resource, minimizing required configuration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC security boundaries." + description: "CouchbaseScopeGroup represents a logical unit of data storage that sits between buckets and\ncollections e.g. a bucket may contain multiple scopes, and a scope may contain multiple\ncollections. At present, scopes are not nested, so provide only a single level of\nabstraction. Scopes provide a coarser grained basis for role-based access control (RBAC)\nand cross-datacenter replication (XDCR) than collections, but finer that buckets.\nIn order to be considered by the Operator, a scope must be referenced by either a\n`CouchbaseBucket` or `CouchbaseEphemeralBucket` resource.\nUnlike `CouchbaseScope` resources, scope groups represents multiple scopes, with the same\ncommon set of collections, to be expressed as a single resource, minimizing required\nconfiguration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC\nsecurity boundaries." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -31,27 +31,27 @@ spec: description: "Spec defines the desired state of the resource." properties: collections: - description: "Collections defines how to collate collections included in this scope or scope group. Any of the provided methods may be used to collate a set of collections to manage. Collated collections must have unique names, otherwise it is considered ambiguous, and an error condition." + description: "Collections defines how to collate collections included in this scope or scope group.\nAny of the provided methods may be used to collate a set of collections to\nmanage. Collated collections must have unique names, otherwise it is\nconsidered ambiguous, and an error condition." properties: managed: - description: "Managed indicates whether collections within this scope are managed. If not then you can dynamically create and delete collections with the Couchbase UI or SDKs." + description: "Managed indicates whether collections within this scope are managed.\nIf not then you can dynamically create and delete collections with\nthe Couchbase UI or SDKs." type: "boolean" preserveDefaultCollection: - description: "PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope. The default collection can be deleted, but can not be recreated by Couchbase Server. By setting this field to `true`, the Operator will implicitly manage the default collection within the default scope. The default collection cannot be modified and will have no document time-to-live (TTL). When set to `false`, the operator will not manage the default collection, which will be deleted and cannot be used or recreated." + description: "PreserveDefaultCollection indicates whether the Operator should manage the\ndefault collection within the default scope. The default collection can\nbe deleted, but can not be recreated by Couchbase Server. By setting this\nfield to `true`, the Operator will implicitly manage the default collection\nwithin the default scope. The default collection cannot be modified and\nwill have no document time-to-live (TTL). When set to `false`, the operator\nwill not manage the default collection, which will be deleted and cannot be\nused or recreated." type: "boolean" resources: - description: "Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency." + description: "Resources is an explicit list of named resources that will be considered\nfor inclusion in this scope or scopes. If a resource reference doesn't\nmatch a resource, then no error conditions are raised due to undefined\nresource creation ordering and eventual consistency." items: properties: kind: default: "CouchbaseCollection" - description: "Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` resource kinds. This field defaults to `CouchbaseCollection` if not specified." + description: "Kind indicates the kind of resource that is being referenced. A scope\ncan only reference `CouchbaseCollection` and `CouchbaseCollectionGroup`\nresource kinds. This field defaults to `CouchbaseCollection` if not\nspecified." enum: - "CouchbaseCollection" - "CouchbaseCollectionGroup" type: "string" name: - description: "Name is the name of the Kubernetes resource name that is being referenced. Legal collection names have a maximum length of 251 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." + description: "Name is the name of the Kubernetes resource name that is being referenced.\nLegal collection names have a maximum length of 251\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" @@ -61,21 +61,21 @@ spec: type: "object" type: "array" selector: - description: "Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta" + description: "Selector allows resources to be implicitly considered for inclusion in this\nscope or scopes. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -87,14 +87,15 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" names: - description: "Names specifies the names of the scopes. Unlike CouchbaseScope, which specifies a single scope, a scope group specifies multiple, and the scope group must specify at least one scope name. Any scope names specified must be unique. Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %." + description: "Names specifies the names of the scopes. Unlike CouchbaseScope, which\nspecifies a single scope, a scope group specifies multiple, and the\nscope group must specify at least one scope name.\nAny scope names specified must be unique.\nScope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%]\nand not start with either _ or %." items: - description: "ScopeOrCollectionName is a generic type to capture a valid scope or collection name. These must consist of 1-251 characters, include only A-Z, a-z, 0-9, -, _ or %, and must not start with _ (which is an internal marker) or % (which is probably an escape character in language X)." + description: "ScopeOrCollectionName is a generic type to capture a valid\nscope or collection name. These must consist of 1-251 characters,\ninclude only A-Z, a-z, 0-9, -, _ or %, and must not start with\n_ (which is an internal marker) or % (which is probably an escape\ncharacter in language X)." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopes.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopes.yaml index ff3d95200..d21b2cf69 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopes.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbasescopes.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbasescopes.couchbase.com" spec: group: "couchbase.com" @@ -17,13 +17,13 @@ spec: - name: "v2" schema: openAPIV3Schema: - description: "CouchbaseScope represents a logical unit of data storage that sits between buckets and collections e.g. a bucket may contain multiple scopes, and a scope may contain multiple collections. At present, scopes are not nested, so provide only a single level of abstraction. Scopes provide a coarser grained basis for role-based access control (RBAC) and cross-datacenter replication (XDCR) than collections, but finer that buckets. In order to be considered by the Operator, a scope must be referenced by either a `CouchbaseBucket` or `CouchbaseEphemeralBucket` resource." + description: "CouchbaseScope represents a logical unit of data storage that sits between buckets and\ncollections e.g. a bucket may contain multiple scopes, and a scope may contain multiple\ncollections. At present, scopes are not nested, so provide only a single level of\nabstraction. Scopes provide a coarser grained basis for role-based access control (RBAC)\nand cross-datacenter replication (XDCR) than collections, but finer that buckets.\nIn order to be considered by the Operator, a scope must be referenced by either a\n`CouchbaseBucket` or `CouchbaseEphemeralBucket` resource." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -32,27 +32,27 @@ spec: description: "Spec defines the desired state of the resource." properties: collections: - description: "Collections defines how to collate collections included in this scope or scope group. Any of the provided methods may be used to collate a set of collections to manage. Collated collections must have unique names, otherwise it is considered ambiguous, and an error condition." + description: "Collections defines how to collate collections included in this scope or scope group.\nAny of the provided methods may be used to collate a set of collections to\nmanage. Collated collections must have unique names, otherwise it is\nconsidered ambiguous, and an error condition." properties: managed: - description: "Managed indicates whether collections within this scope are managed. If not then you can dynamically create and delete collections with the Couchbase UI or SDKs." + description: "Managed indicates whether collections within this scope are managed.\nIf not then you can dynamically create and delete collections with\nthe Couchbase UI or SDKs." type: "boolean" preserveDefaultCollection: - description: "PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope. The default collection can be deleted, but can not be recreated by Couchbase Server. By setting this field to `true`, the Operator will implicitly manage the default collection within the default scope. The default collection cannot be modified and will have no document time-to-live (TTL). When set to `false`, the operator will not manage the default collection, which will be deleted and cannot be used or recreated." + description: "PreserveDefaultCollection indicates whether the Operator should manage the\ndefault collection within the default scope. The default collection can\nbe deleted, but can not be recreated by Couchbase Server. By setting this\nfield to `true`, the Operator will implicitly manage the default collection\nwithin the default scope. The default collection cannot be modified and\nwill have no document time-to-live (TTL). When set to `false`, the operator\nwill not manage the default collection, which will be deleted and cannot be\nused or recreated." type: "boolean" resources: - description: "Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency." + description: "Resources is an explicit list of named resources that will be considered\nfor inclusion in this scope or scopes. If a resource reference doesn't\nmatch a resource, then no error conditions are raised due to undefined\nresource creation ordering and eventual consistency." items: properties: kind: default: "CouchbaseCollection" - description: "Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` resource kinds. This field defaults to `CouchbaseCollection` if not specified." + description: "Kind indicates the kind of resource that is being referenced. A scope\ncan only reference `CouchbaseCollection` and `CouchbaseCollectionGroup`\nresource kinds. This field defaults to `CouchbaseCollection` if not\nspecified." enum: - "CouchbaseCollection" - "CouchbaseCollectionGroup" type: "string" name: - description: "Name is the name of the Kubernetes resource name that is being referenced. Legal collection names have a maximum length of 251 characters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." + description: "Name is the name of the Kubernetes resource name that is being referenced.\nLegal collection names have a maximum length of 251\ncharacters and may be composed of any character from \"a-z\", \"A-Z\", \"0-9\" and \"_-%\"." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" @@ -62,21 +62,21 @@ spec: type: "object" type: "array" selector: - description: "Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta" + description: "Selector allows resources to be implicitly considered for inclusion in this\nscope or scopes. More info:\nhttps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -88,15 +88,16 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" type: "object" defaultScope: - description: "DefaultScope indicates whether this resource represents the default scope for a bucket. When set to `true`, this allows the user to refer to and manage collections within the default scope. When not defined, the Operator will implicitly manage the default scope as the default scope can not be deleted from Couchbase Server. The Operator defined default scope will also have the `persistDefaultCollection` flag set to `true`. Only one default scope is permitted to be contained in a bucket." + description: "DefaultScope indicates whether this resource represents the default scope\nfor a bucket. When set to `true`, this allows the user to refer to and\nmanage collections within the default scope. When not defined, the Operator\nwill implicitly manage the default scope as the default scope can not be\ndeleted from Couchbase Server. The Operator defined default scope will\nalso have the `persistDefaultCollection` flag set to `true`. Only one\ndefault scope is permitted to be contained in a bucket." type: "boolean" name: - description: "Name specifies the name of the scope. By default, the metadata.name is used to define the scope name, however, due to the limited character set, this field can be used to override the default and provide the full functionality. Additionally the `metadata.name` field is a DNS label, and thus limited to 63 characters, this field must be used if the name is longer than this limit. Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %." + description: "Name specifies the name of the scope. By default, the metadata.name is\nused to define the scope name, however, due to the limited character set,\nthis field can be used to override the default and provide the full functionality.\nAdditionally the `metadata.name` field is a DNS label, and thus limited to 63\ncharacters, this field must be used if the name is longer than this limit.\nScope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%]\nand not start with either _ or %." maxLength: 251 minLength: 1 pattern: "^[a-zA-Z0-9\\-][a-zA-Z0-9\\-%_]{0,250}$" diff --git a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseusers.yaml b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseusers.yaml index 03ce1a273..885873be9 100644 --- a/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseusers.yaml +++ b/crd-catalog/couchbase-partners/helm-charts/couchbase.com/v2/couchbaseusers.yaml @@ -2,8 +2,8 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - config.couchbase.com/version: "2.5.0" - controller-gen.kubebuilder.io/version: "v0.8.0" + config.couchbase.com/version: "2.7.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "couchbaseusers.couchbase.com" spec: group: "couchbase.com" @@ -20,10 +20,10 @@ spec: description: "CouchbaseUser allows the automation of Couchbase user management." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" diff --git a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml index d2cf2ae10..edad01d39 100644 --- a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml +++ b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml @@ -410,13 +410,13 @@ spec: type: "object" mode: default: "Resources" - description: "Mode controls what type or \"mode\" of Composition will be used.\n\n\n\"Resources\" (the default) indicates that a Composition uses what is\ncommonly referred to as \"Patch & Transform\" or P&T composition. This mode\nof Composition uses an array of resources, each a template for a composed\nresource.\n\n\n\"Pipeline\" indicates that a Composition specifies a pipeline\nof Composition Functions, each of which is responsible for producing\ncomposed resources that Crossplane should create or update. THE PIPELINE\nMODE IS A BETA FEATURE. It is not honored if the relevant Crossplane\nfeature flag is disabled." + description: "Mode controls what type or \"mode\" of Composition will be used.\n\n\n\"Pipeline\" indicates that a Composition specifies a pipeline of\nComposition Functions, each of which is responsible for producing\ncomposed resources that Crossplane should create or update.\n\n\n\"Resources\" indicates that a Composition uses what is commonly referred\nto as \"Patch & Transform\" or P&T composition. This mode of Composition\nuses an array of resources, each a template for a composed resource.\n\n\nAll Compositions should use Pipeline mode. Resources mode is deprecated.\nResources mode won't be removed in Crossplane 1.x, and will remain the\ndefault to avoid breaking legacy Compositions. However, it's no longer\naccepting new features, and only accepting security related bug fixes." enum: - "Resources" - "Pipeline" type: "string" patchSets: - description: "PatchSets define a named set of patches that may be included by any\nresource in this Composition. PatchSets cannot themselves refer to other\nPatchSets.\n\n\nPatchSets are only used by the \"Resources\" mode of Composition. They\nare ignored by other modes." + description: "PatchSets define a named set of patches that may be included by any\nresource in this Composition. PatchSets cannot themselves refer to other\nPatchSets.\n\n\nPatchSets are only used by the \"Resources\" mode of Composition. They\nare ignored by other modes.\n\n\nDeprecated: Use Composition Functions instead." items: description: "A PatchSet is a set of patches that can be reused from all resources within\na Composition." properties: @@ -679,7 +679,7 @@ spec: type: "object" type: "array" pipeline: - description: "Pipeline is a list of composition function steps that will be used when a\ncomposite resource referring to this composition is created. One of\nresources and pipeline must be specified - you cannot specify both.\n\n\nThe Pipeline is only used by the \"Pipeline\" mode of Composition. It is\nignored by other modes.\n\n\nTHIS IS A BETA FIELD. It is not honored if the relevant Crossplane\nfeature flag is disabled." + description: "Pipeline is a list of composition function steps that will be used when a\ncomposite resource referring to this composition is created. One of\nresources and pipeline must be specified - you cannot specify both.\n\n\nThe Pipeline is only used by the \"Pipeline\" mode of Composition. It is\nignored by other modes." items: description: "A PipelineStep in a Composition Function pipeline." properties: @@ -740,6 +740,9 @@ spec: - "step" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "step" + x-kubernetes-list-type: "map" publishConnectionDetailsWithStoreConfigRef: default: name: "default" @@ -752,7 +755,7 @@ spec: - "name" type: "object" resources: - description: "Resources is a list of resource templates that will be used when a\ncomposite resource referring to this composition is created.\n\n\nResources are only used by the \"Resources\" mode of Composition. They are\nignored by other modes." + description: "Resources is a list of resource templates that will be used when a\ncomposite resource referring to this composition is created.\n\n\nResources are only used by the \"Resources\" mode of Composition. They are\nignored by other modes.\n\n\nDeprecated: Use Composition Functions instead." items: description: "ComposedTemplate is used to provide information about how the composed resource\nshould be processed." properties: diff --git a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml index 97d723d0c..e7948cd70 100644 --- a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml +++ b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml @@ -407,13 +407,13 @@ spec: type: "object" mode: default: "Resources" - description: "Mode controls what type or \"mode\" of Composition will be used.\n\n\n\"Resources\" (the default) indicates that a Composition uses what is\ncommonly referred to as \"Patch & Transform\" or P&T composition. This mode\nof Composition uses an array of resources, each a template for a composed\nresource.\n\n\n\"Pipeline\" indicates that a Composition specifies a pipeline\nof Composition Functions, each of which is responsible for producing\ncomposed resources that Crossplane should create or update. THE PIPELINE\nMODE IS A BETA FEATURE. It is not honored if the relevant Crossplane\nfeature flag is disabled." + description: "Mode controls what type or \"mode\" of Composition will be used.\n\n\n\"Pipeline\" indicates that a Composition specifies a pipeline of\nComposition Functions, each of which is responsible for producing\ncomposed resources that Crossplane should create or update.\n\n\n\"Resources\" indicates that a Composition uses what is commonly referred\nto as \"Patch & Transform\" or P&T composition. This mode of Composition\nuses an array of resources, each a template for a composed resource.\n\n\nAll Compositions should use Pipeline mode. Resources mode is deprecated.\nResources mode won't be removed in Crossplane 1.x, and will remain the\ndefault to avoid breaking legacy Compositions. However, it's no longer\naccepting new features, and only accepting security related bug fixes." enum: - "Resources" - "Pipeline" type: "string" patchSets: - description: "PatchSets define a named set of patches that may be included by any\nresource in this Composition. PatchSets cannot themselves refer to other\nPatchSets.\n\n\nPatchSets are only used by the \"Resources\" mode of Composition. They\nare ignored by other modes." + description: "PatchSets define a named set of patches that may be included by any\nresource in this Composition. PatchSets cannot themselves refer to other\nPatchSets.\n\n\nPatchSets are only used by the \"Resources\" mode of Composition. They\nare ignored by other modes.\n\n\nDeprecated: Use Composition Functions instead." items: description: "A PatchSet is a set of patches that can be reused from all resources within\na Composition." properties: @@ -676,7 +676,7 @@ spec: type: "object" type: "array" pipeline: - description: "Pipeline is a list of composition function steps that will be used when a\ncomposite resource referring to this composition is created. One of\nresources and pipeline must be specified - you cannot specify both.\n\n\nThe Pipeline is only used by the \"Pipeline\" mode of Composition. It is\nignored by other modes.\n\n\nTHIS IS A BETA FIELD. It is not honored if the relevant Crossplane\nfeature flag is disabled." + description: "Pipeline is a list of composition function steps that will be used when a\ncomposite resource referring to this composition is created. One of\nresources and pipeline must be specified - you cannot specify both.\n\n\nThe Pipeline is only used by the \"Pipeline\" mode of Composition. It is\nignored by other modes." items: description: "A PipelineStep in a Composition Function pipeline." properties: @@ -752,7 +752,7 @@ spec: - "name" type: "object" resources: - description: "Resources is a list of resource templates that will be used when a\ncomposite resource referring to this composition is created.\n\n\nResources are only used by the \"Resources\" mode of Composition. They are\nignored by other modes." + description: "Resources is a list of resource templates that will be used when a\ncomposite resource referring to this composition is created.\n\n\nResources are only used by the \"Resources\" mode of Composition. They are\nignored by other modes.\n\n\nDeprecated: Use Composition Functions instead." items: description: "ComposedTemplate is used to provide information about how the composed resource\nshould be processed." properties: diff --git a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml index 6e42ae1d5..6609e3563 100644 --- a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml +++ b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml @@ -410,13 +410,13 @@ spec: type: "object" mode: default: "Resources" - description: "Mode controls what type or \"mode\" of Composition will be used.\n\n\n\"Resources\" (the default) indicates that a Composition uses what is\ncommonly referred to as \"Patch & Transform\" or P&T composition. This mode\nof Composition uses an array of resources, each a template for a composed\nresource.\n\n\n\"Pipeline\" indicates that a Composition specifies a pipeline\nof Composition Functions, each of which is responsible for producing\ncomposed resources that Crossplane should create or update. THE PIPELINE\nMODE IS A BETA FEATURE. It is not honored if the relevant Crossplane\nfeature flag is disabled." + description: "Mode controls what type or \"mode\" of Composition will be used.\n\n\n\"Pipeline\" indicates that a Composition specifies a pipeline of\nComposition Functions, each of which is responsible for producing\ncomposed resources that Crossplane should create or update.\n\n\n\"Resources\" indicates that a Composition uses what is commonly referred\nto as \"Patch & Transform\" or P&T composition. This mode of Composition\nuses an array of resources, each a template for a composed resource.\n\n\nAll Compositions should use Pipeline mode. Resources mode is deprecated.\nResources mode won't be removed in Crossplane 1.x, and will remain the\ndefault to avoid breaking legacy Compositions. However, it's no longer\naccepting new features, and only accepting security related bug fixes." enum: - "Resources" - "Pipeline" type: "string" patchSets: - description: "PatchSets define a named set of patches that may be included by any\nresource in this Composition. PatchSets cannot themselves refer to other\nPatchSets.\n\n\nPatchSets are only used by the \"Resources\" mode of Composition. They\nare ignored by other modes." + description: "PatchSets define a named set of patches that may be included by any\nresource in this Composition. PatchSets cannot themselves refer to other\nPatchSets.\n\n\nPatchSets are only used by the \"Resources\" mode of Composition. They\nare ignored by other modes.\n\n\nDeprecated: Use Composition Functions instead." items: description: "A PatchSet is a set of patches that can be reused from all resources within\na Composition." properties: @@ -679,7 +679,7 @@ spec: type: "object" type: "array" pipeline: - description: "Pipeline is a list of composition function steps that will be used when a\ncomposite resource referring to this composition is created. One of\nresources and pipeline must be specified - you cannot specify both.\n\n\nThe Pipeline is only used by the \"Pipeline\" mode of Composition. It is\nignored by other modes.\n\n\nTHIS IS A BETA FIELD. It is not honored if the relevant Crossplane\nfeature flag is disabled." + description: "Pipeline is a list of composition function steps that will be used when a\ncomposite resource referring to this composition is created. One of\nresources and pipeline must be specified - you cannot specify both.\n\n\nThe Pipeline is only used by the \"Pipeline\" mode of Composition. It is\nignored by other modes." items: description: "A PipelineStep in a Composition Function pipeline." properties: @@ -740,6 +740,9 @@ spec: - "step" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "step" + x-kubernetes-list-type: "map" publishConnectionDetailsWithStoreConfigRef: default: name: "default" @@ -752,7 +755,7 @@ spec: - "name" type: "object" resources: - description: "Resources is a list of resource templates that will be used when a\ncomposite resource referring to this composition is created.\n\n\nResources are only used by the \"Resources\" mode of Composition. They are\nignored by other modes." + description: "Resources is a list of resource templates that will be used when a\ncomposite resource referring to this composition is created.\n\n\nResources are only used by the \"Resources\" mode of Composition. They are\nignored by other modes.\n\n\nDeprecated: Use Composition Functions instead." items: description: "ComposedTemplate is used to provide information about how the composed resource\nshould be processed." properties: diff --git a/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml b/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml index 348e8bf94..2d13266ad 100644 --- a/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml +++ b/crd-catalog/eclipse-che/che-operator/org.eclipse.che/v2/checlusters.yaml @@ -1999,6 +1999,11 @@ spec: - "IfNotPresent" - "Never" type: "string" + maxNumberOfRunningWorkspacesPerCluster: + description: "The maximum number of concurrently running workspaces across the entire Kubernetes cluster.\nThis applies to all users in the system. If the value is set to -1, it means there is\nno limit on the number of running workspaces." + format: "int64" + minimum: -1.0 + type: "integer" maxNumberOfRunningWorkspacesPerUser: description: "The maximum number of running workspaces per user.\nThe value, -1, allows users to run an unlimited number of workspaces." format: "int64" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml index c41ee38eb..cb47ff2fe 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" labels: external-secrets.io/component: "controller" name: "clustersecretstores.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml index 92bb31f3b..ae862e1ff 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" labels: external-secrets.io/component: "controller" name: "externalsecrets.external-secrets.io" @@ -220,7 +220,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml index e876c0dfe..f34ee4c55 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" labels: external-secrets.io/component: "controller" name: "secretstores.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml index eddb21a8d..b1f07f19f 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" labels: external-secrets.io/component: "controller" name: "clusterexternalsecrets.external-secrets.io" @@ -114,7 +114,7 @@ spec: maxProperties: 1 properties: generatorRef: - description: "GeneratorRef points to a generator custom resource.\n\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1." + description: "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1." properties: apiVersion: default: "generators.external-secrets.io/v1alpha1" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml index e889f0850..bc7b878ed 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" labels: external-secrets.io/component: "controller" name: "clustersecretstores.external-secrets.io" @@ -675,6 +675,28 @@ spec: caBundle: description: "Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack\ncan be performed." type: "string" + caProvider: + description: "see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider" + properties: + key: + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + type: "string" + name: + description: "The name of the object located at the provider type." + type: "string" + namespace: + description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + type: "string" + type: + description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." + enum: + - "Secret" + - "ConfigMap" + type: "string" + required: + - "name" + - "type" + type: "object" identityURL: type: "string" organizationID: @@ -685,7 +707,6 @@ spec: type: "string" required: - "auth" - - "caBundle" - "organizationID" - "projectID" type: "object" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml index 530146405..255268ba1 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" labels: external-secrets.io/component: "controller" name: "externalsecrets.external-secrets.io" @@ -99,7 +99,7 @@ spec: maxProperties: 1 properties: generatorRef: - description: "GeneratorRef points to a generator custom resource.\n\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1." + description: "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1." properties: apiVersion: default: "generators.external-secrets.io/v1alpha1" @@ -423,7 +423,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml index f46f5c91f..2c28e75a5 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" labels: external-secrets.io/component: "controller" name: "secretstores.external-secrets.io" @@ -675,6 +675,28 @@ spec: caBundle: description: "Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack\ncan be performed." type: "string" + caProvider: + description: "see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider" + properties: + key: + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + type: "string" + name: + description: "The name of the object located at the provider type." + type: "string" + namespace: + description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + type: "string" + type: + description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." + enum: + - "Secret" + - "ConfigMap" + type: "string" + required: + - "name" + - "type" + type: "object" identityURL: type: "string" organizationID: @@ -685,7 +707,6 @@ spec: type: "string" required: - "auth" - - "caBundle" - "organizationID" - "projectID" type: "object" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml index 97cc3e6f8..53024a97a 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml @@ -435,6 +435,8 @@ spec: type: "object" aggregatorName: type: "string" + assumeRole: + type: "string" connection: description: "ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey." type: "string" @@ -796,6 +798,8 @@ spec: type: "string" type: "object" type: "object" + assumeRole: + type: "string" complianceTypes: description: "Filters the results by compliance. The allowed values are INSUFFICIENT_DATA, NON_COMPLIANT, NOT_APPLICABLE, COMPLIANT" items: @@ -1733,6 +1737,8 @@ spec: items: type: "string" type: "array" + assumeRole: + type: "string" connection: description: "ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey." type: "string" @@ -4431,6 +4437,8 @@ spec: type: "string" type: "object" type: "object" + assumeRole: + type: "string" connection: description: "ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey." type: "string" @@ -4982,6 +4990,8 @@ spec: type: "string" type: "object" type: "object" + assumeRole: + type: "string" bucket: type: "string" connection: @@ -11807,6 +11817,8 @@ spec: type: "string" type: "object" type: "object" + assumeRole: + type: "string" bucket: type: "string" bucketName: diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml index cca26a3ab..dc01d7ad0 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml @@ -223,6 +223,75 @@ spec: description: "This is an optional feature flag to get metadata information from kubelet\ninstead of calling Kube Server API to enhance the log.\nThis could mitigate the Kube API heavy traffic issue for large cluster." type: "boolean" type: "object" + logToMetrics: + description: "LogToMetrics defines a Log to Metrics Filter configuration." + properties: + addLabel: + description: "Add a custom label NAME and set the value to the value of KEY" + items: + type: "string" + type: "array" + alias: + description: "Alias for the plugin" + type: "string" + bucket: + description: "Defines a bucket for histogram" + items: + type: "string" + type: "array" + discardLogs: + description: "Flag that defines if logs should be discarded after processing. This applies\nfor all logs, no matter if they have emitted metrics or not." + type: "boolean" + emitterMemBufLimit: + description: "set a buffer limit to restrict memory usage of metrics emitter" + type: "string" + emitterName: + description: "Name of the emitter (advanced users)" + type: "string" + exclude: + description: "Optional filter for records in which the content of KEY does not matches the regular expression.\nValue Format: FIELD REGEX" + items: + type: "string" + type: "array" + kubernetesMode: + description: "If enabled, it will automatically put pod_id, pod_name, namespace_name, docker_id and container_name\ninto the metric as labels. This option is intended to be used in combination with the kubernetes filter plugin." + type: "boolean" + labelField: + description: "Includes a record field as label dimension in the metric." + items: + type: "string" + type: "array" + metricDescription: + description: "Sets a help text for the metric." + type: "string" + metricMode: + description: "Defines the mode for the metric. Valid values are [counter, gauge or histogram]" + type: "string" + metricName: + description: "Sets the name of the metric." + type: "string" + metricNamespace: + description: "Namespace of the metric" + type: "string" + metricSubsystem: + description: "Sets a sub-system for the metric." + type: "string" + regex: + description: "Optional filter for records in which the content of KEY matches the regular expression.\nValue Format: FIELD REGEX" + items: + type: "string" + type: "array" + retryLimit: + description: "RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1." + pattern: "^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$" + type: "string" + tag: + description: "Defines the tag for the generated metrics record" + type: "string" + valueField: + description: "Specify the record field that holds a numerical value" + type: "string" + type: "object" lua: description: "Lua defines Lua Filter configuration." properties: diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml index 3a4db93f7..24c31334f 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml @@ -2205,6 +2205,9 @@ spec: logResponsePayload: description: "Log the response payload within the Fluent Bit log." type: "boolean" + logsBodyKeyAttributes: + description: "If true, remaining unmatched keys are added as attributes." + type: "boolean" logsUri: description: "Specify an optional HTTP URI for the target web server listening for logs, e.g: /v1/logs" type: "string" @@ -3222,6 +3225,9 @@ spec: description: "Hostname to be used for TLS SNI extension" type: "string" type: "object" + totalLimitSize: + description: "Limit the maximum number of Chunks in the filesystem for the current output logical destination." + type: "string" type: "object" tcp: description: "TCP defines TCP Output configuration." diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml index f7b71d15b..4814ffb2c 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml @@ -223,6 +223,75 @@ spec: description: "This is an optional feature flag to get metadata information from kubelet\ninstead of calling Kube Server API to enhance the log.\nThis could mitigate the Kube API heavy traffic issue for large cluster." type: "boolean" type: "object" + logToMetrics: + description: "LogToMetrics defines a Log to Metrics Filter configuration." + properties: + addLabel: + description: "Add a custom label NAME and set the value to the value of KEY" + items: + type: "string" + type: "array" + alias: + description: "Alias for the plugin" + type: "string" + bucket: + description: "Defines a bucket for histogram" + items: + type: "string" + type: "array" + discardLogs: + description: "Flag that defines if logs should be discarded after processing. This applies\nfor all logs, no matter if they have emitted metrics or not." + type: "boolean" + emitterMemBufLimit: + description: "set a buffer limit to restrict memory usage of metrics emitter" + type: "string" + emitterName: + description: "Name of the emitter (advanced users)" + type: "string" + exclude: + description: "Optional filter for records in which the content of KEY does not matches the regular expression.\nValue Format: FIELD REGEX" + items: + type: "string" + type: "array" + kubernetesMode: + description: "If enabled, it will automatically put pod_id, pod_name, namespace_name, docker_id and container_name\ninto the metric as labels. This option is intended to be used in combination with the kubernetes filter plugin." + type: "boolean" + labelField: + description: "Includes a record field as label dimension in the metric." + items: + type: "string" + type: "array" + metricDescription: + description: "Sets a help text for the metric." + type: "string" + metricMode: + description: "Defines the mode for the metric. Valid values are [counter, gauge or histogram]" + type: "string" + metricName: + description: "Sets the name of the metric." + type: "string" + metricNamespace: + description: "Namespace of the metric" + type: "string" + metricSubsystem: + description: "Sets a sub-system for the metric." + type: "string" + regex: + description: "Optional filter for records in which the content of KEY matches the regular expression.\nValue Format: FIELD REGEX" + items: + type: "string" + type: "array" + retryLimit: + description: "RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1." + pattern: "^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$" + type: "string" + tag: + description: "Defines the tag for the generated metrics record" + type: "string" + valueField: + description: "Specify the record field that holds a numerical value" + type: "string" + type: "object" lua: description: "Lua defines Lua Filter configuration." properties: diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml index 6fd7052b9..794bdcbf6 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml @@ -2205,6 +2205,9 @@ spec: logResponsePayload: description: "Log the response payload within the Fluent Bit log." type: "boolean" + logsBodyKeyAttributes: + description: "If true, remaining unmatched keys are added as attributes." + type: "boolean" logsUri: description: "Specify an optional HTTP URI for the target web server listening for logs, e.g: /v1/logs" type: "string" @@ -3222,6 +3225,9 @@ spec: description: "Hostname to be used for TLS SNI extension" type: "string" type: "object" + totalLimitSize: + description: "Limit the maximum number of Chunks in the filesystem for the current output logical destination." + type: "string" type: "object" tcp: description: "TCP defines TCP Output configuration." diff --git a/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/alluxioruntimes.yaml b/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/alluxioruntimes.yaml index fcd6be23a..303964afa 100644 --- a/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/alluxioruntimes.yaml +++ b/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/alluxioruntimes.yaml @@ -736,7 +736,6 @@ spec: description: "MetadataSyncPolicy defines the policy of syncing metadata when setting up the runtime. If not set," properties: autoSync: - default: true description: "AutoSync enables automatic metadata sync when setting up a runtime. If not set, it defaults to true." type: "boolean" type: "object" diff --git a/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/thinruntimes.yaml b/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/thinruntimes.yaml index 01b783b13..e3128f897 100644 --- a/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/thinruntimes.yaml +++ b/crd-catalog/fluid-cloudnative/fluid/data.fluid.io/v1alpha1/thinruntimes.yaml @@ -476,7 +476,6 @@ spec: description: "MetadataSyncPolicy defines the policy of syncing metadata when setting up the runtime. If not set," properties: autoSync: - default: true description: "AutoSync enables automatic metadata sync when setting up a runtime. If not set, it defaults to true." type: "boolean" type: "object" diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml index cd0d990b5..637888f8a 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml @@ -119,8 +119,17 @@ spec: - "name" type: "object" sts: - description: "STS specifies the required configuration to use a Security Token\nService for fetching temporary credentials to authenticate in a\nBucket provider.\n\n\nThis field is only supported for the `aws` provider." + description: "STS specifies the required configuration to use a Security Token\nService for fetching temporary credentials to authenticate in a\nBucket provider.\n\n\nThis field is only supported for the `aws` and `generic` providers." properties: + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\n\nand whichever are supplied, will be used for connecting to the\nSTS endpoint. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\n\nThis field is only supported for the `ldap` provider." + properties: + name: + description: "Name of the referent." + type: "string" + required: + - "name" + type: "object" endpoint: description: "Endpoint is the HTTP/S endpoint of the Security Token Service from\nwhere temporary credentials will be fetched." pattern: "^(http|https)://.*$" @@ -129,7 +138,17 @@ spec: description: "Provider of the Security Token Service." enum: - "aws" + - "ldap" type: "string" + secretRef: + description: "SecretRef specifies the Secret containing authentication credentials\nfor the STS endpoint. This Secret must contain the fields `username`\nand `password` and is supported only for the `ldap` provider." + properties: + name: + description: "Name of the referent." + type: "string" + required: + - "name" + type: "object" required: - "endpoint" - "provider" @@ -148,10 +167,16 @@ spec: - "interval" type: "object" x-kubernetes-validations: - - message: "STS configuration is only supported for the 'aws' Bucket provider" - rule: "self.provider == 'aws' || !has(self.sts)" + - message: "STS configuration is only supported for the 'aws' and 'generic' Bucket providers" + rule: "self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)" - message: "'aws' is the only supported STS provider for the 'aws' Bucket provider" rule: "self.provider != 'aws' || !has(self.sts) || self.sts.provider == 'aws'" + - message: "'ldap' is the only supported STS provider for the 'generic' Bucket provider" + rule: "self.provider != 'generic' || !has(self.sts) || self.sts.provider == 'ldap'" + - message: "spec.sts.secretRef is not required for the 'aws' STS provider" + rule: "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.secretRef)" + - message: "spec.sts.certSecretRef is not required for the 'aws' STS provider" + rule: "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.certSecretRef)" status: default: observedGeneration: -1 diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml index 81836d433..671ec94de 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml @@ -4805,6 +4805,27 @@ spec: - "key" type: "object" x-kubernetes-map-type: "atomic" + tls: + description: "TLS Configuration used to talk with the external grafana instance." + properties: + certSecretRef: + description: "Use a secret as a reference to give TLS Certificate information" + properties: + name: + description: "name is unique within a namespace to reference a secret resource." + type: "string" + namespace: + description: "namespace defines the space within which the secret name must be unique." + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + insecureSkipVerify: + description: "Disable the CA check of the server" + type: "boolean" + type: "object" + x-kubernetes-validations: + - message: "insecureSkipVerify and certSecretRef cannot be set at the same time" + rule: "(has(self.insecureSkipVerify) && !(has(self.certSecretRef))) || (has(self.certSecretRef) && !(has(self.insecureSkipVerify)))" url: description: "URL of the external grafana instance you want to manage." type: "string" diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml index 1e1d5edcd..2ed2e28e2 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml @@ -968,6 +968,10 @@ spec: description: "MaxSessions defines the maximum number of concurrent sessions per connection." format: "int64" type: "integer" + mfa_verification_interval: + description: "MFAVerificationInterval optionally defines the maximum duration that can elapse between successive MFA verifications. This variable is used to ensure that users are periodically prompted to verify their identity, enhancing security by preventing prolonged sessions without re-authentication when using tsh proxy * derivatives. It's only effective if the session requires MFA. If not set, defaults to `max_session_ttl`." + format: "duration" + type: "string" permit_x11_forwarding: description: "PermitX11Forwarding authorizes use of X11 forwarding." type: "boolean" diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml index 0dc3fac6b..30b0dc50a 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml @@ -968,6 +968,10 @@ spec: description: "MaxSessions defines the maximum number of concurrent sessions per connection." format: "int64" type: "integer" + mfa_verification_interval: + description: "MFAVerificationInterval optionally defines the maximum duration that can elapse between successive MFA verifications. This variable is used to ensure that users are periodically prompted to verify their identity, enhancing security by preventing prolonged sessions without re-authentication when using tsh proxy * derivatives. It's only effective if the session requires MFA. If not set, defaults to `max_session_ttl`." + format: "duration" + type: "string" permit_x11_forwarding: description: "PermitX11Forwarding authorizes use of X11 forwarding." type: "boolean" diff --git a/crd-catalog/istio/istio/networking.istio.io/v1/workloadgroups.yaml b/crd-catalog/istio/istio/networking.istio.io/v1/workloadgroups.yaml index dc0d40f15..5eb02f06f 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1/workloadgroups.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1/workloadgroups.yaml @@ -185,8 +185,6 @@ spec: type: "integer" type: "object" x-kubernetes-validations: - - message: "Address is required" - rule: "has(self.address) || has(self.network)" - message: "UDS may not include ports" rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" required: diff --git a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/workloadgroups.yaml b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/workloadgroups.yaml index a5cc995f8..78c0530f6 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1alpha3/workloadgroups.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1alpha3/workloadgroups.yaml @@ -185,8 +185,6 @@ spec: type: "integer" type: "object" x-kubernetes-validations: - - message: "Address is required" - rule: "has(self.address) || has(self.network)" - message: "UDS may not include ports" rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" required: diff --git a/crd-catalog/istio/istio/networking.istio.io/v1beta1/workloadgroups.yaml b/crd-catalog/istio/istio/networking.istio.io/v1beta1/workloadgroups.yaml index 69cc7c7ab..1d5ffec92 100644 --- a/crd-catalog/istio/istio/networking.istio.io/v1beta1/workloadgroups.yaml +++ b/crd-catalog/istio/istio/networking.istio.io/v1beta1/workloadgroups.yaml @@ -185,8 +185,6 @@ spec: type: "integer" type: "object" x-kubernetes-validations: - - message: "Address is required" - rule: "has(self.address) || has(self.network)" - message: "UDS may not include ports" rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" required: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml index 248d4790a..2fae541ff 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml @@ -102,7 +102,7 @@ spec: - message: "sectionName or port must be unique when parentRefs includes 2 or more references to the same parent" rule: "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))" rules: - description: "Rules are a list of GRPC matchers, filters and actions." + description: "Rules are a list of GRPC matchers, filters and actions.\n\n\n" items: description: "GRPCRouteRule defines the semantics for matching a gRPC request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs)." properties: @@ -684,6 +684,12 @@ spec: type: "object" maxItems: 8 type: "array" + name: + description: "Name is the name of the route rule. This name MUST be unique within a Route if it is set.\n\n\nSupport: Extended\n" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" sessionPersistence: description: "SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" properties: @@ -727,6 +733,8 @@ spec: x-kubernetes-validations: - message: "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128" rule: "(self.size() > 0 ? (has(self[0].matches) ? self[0].matches.size() : 0) : 0) + (self.size() > 1 ? (has(self[1].matches) ? self[1].matches.size() : 0) : 0) + (self.size() > 2 ? (has(self[2].matches) ? self[2].matches.size() : 0) : 0) + (self.size() > 3 ? (has(self[3].matches) ? self[3].matches.size() : 0) : 0) + (self.size() > 4 ? (has(self[4].matches) ? self[4].matches.size() : 0) : 0) + (self.size() > 5 ? (has(self[5].matches) ? self[5].matches.size() : 0) : 0) + (self.size() > 6 ? (has(self[6].matches) ? self[6].matches.size() : 0) : 0) + (self.size() > 7 ? (has(self[7].matches) ? self[7].matches.size() : 0) : 0) + (self.size() > 8 ? (has(self[8].matches) ? self[8].matches.size() : 0) : 0) + (self.size() > 9 ? (has(self[9].matches) ? self[9].matches.size() : 0) : 0) + (self.size() > 10 ? (has(self[10].matches) ? self[10].matches.size() : 0) : 0) + (self.size() > 11 ? (has(self[11].matches) ? self[11].matches.size() : 0) : 0) + (self.size() > 12 ? (has(self[12].matches) ? self[12].matches.size() : 0) : 0) + (self.size() > 13 ? (has(self[13].matches) ? self[13].matches.size() : 0) : 0) + (self.size() > 14 ? (has(self[14].matches) ? self[14].matches.size() : 0) : 0) + (self.size() > 15 ? (has(self[15].matches) ? self[15].matches.size() : 0) : 0) <= 128" + - message: "Rule name must be unique within the route" + rule: "self.all(l1, !has(l1.name) || self.exists_one(l2, has(l2.name) && l1.name == l2.name))" type: "object" status: description: "Status defines the current state of GRPCRoute." diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml index 2fca2c871..3f580d950 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml @@ -107,7 +107,7 @@ spec: - path: type: "PathPrefix" value: "/" - description: "Rules are a list of HTTP matchers, filters and actions." + description: "Rules are a list of HTTP matchers, filters and actions.\n\n\n" items: description: "HTTPRouteRule defines semantics for matching an HTTP request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs)." properties: @@ -983,6 +983,12 @@ spec: type: "object" maxItems: 64 type: "array" + name: + description: "Name is the name of the route rule. This name MUST be unique within a Route if it is set.\n\n\nSupport: Extended\n" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" sessionPersistence: description: "SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" properties: @@ -1052,6 +1058,8 @@ spec: x-kubernetes-validations: - message: "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128" rule: "(self.size() > 0 ? self[0].matches.size() : 0) + (self.size() > 1 ? self[1].matches.size() : 0) + (self.size() > 2 ? self[2].matches.size() : 0) + (self.size() > 3 ? self[3].matches.size() : 0) + (self.size() > 4 ? self[4].matches.size() : 0) + (self.size() > 5 ? self[5].matches.size() : 0) + (self.size() > 6 ? self[6].matches.size() : 0) + (self.size() > 7 ? self[7].matches.size() : 0) + (self.size() > 8 ? self[8].matches.size() : 0) + (self.size() > 9 ? self[9].matches.size() : 0) + (self.size() > 10 ? self[10].matches.size() : 0) + (self.size() > 11 ? self[11].matches.size() : 0) + (self.size() > 12 ? self[12].matches.size() : 0) + (self.size() > 13 ? self[13].matches.size() : 0) + (self.size() > 14 ? self[14].matches.size() : 0) + (self.size() > 15 ? self[15].matches.size() : 0) <= 128" + - message: "Rule name must be unique within the route" + rule: "self.all(l1, !has(l1.name) || self.exists_one(l2, has(l2.name) && l1.name == l2.name))" type: "object" status: description: "Status defines the current state of HTTPRoute." diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml index fd482f1b7..8cb35ffcc 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml @@ -97,7 +97,7 @@ spec: - message: "sectionName or port must be unique when parentRefs includes 2 or more references to the same parent" rule: "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))" rules: - description: "Rules are a list of GRPC matchers, filters and actions." + description: "Rules are a list of GRPC matchers, filters and actions.\n\n\n" items: description: "GRPCRouteRule defines the semantics for matching a gRPC request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs)." properties: @@ -679,6 +679,12 @@ spec: type: "object" maxItems: 8 type: "array" + name: + description: "Name is the name of the route rule. This name MUST be unique within a Route if it is set.\n\n\nSupport: Extended\n" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" sessionPersistence: description: "SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" properties: @@ -722,6 +728,8 @@ spec: x-kubernetes-validations: - message: "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128" rule: "(self.size() > 0 ? (has(self[0].matches) ? self[0].matches.size() : 0) : 0) + (self.size() > 1 ? (has(self[1].matches) ? self[1].matches.size() : 0) : 0) + (self.size() > 2 ? (has(self[2].matches) ? self[2].matches.size() : 0) : 0) + (self.size() > 3 ? (has(self[3].matches) ? self[3].matches.size() : 0) : 0) + (self.size() > 4 ? (has(self[4].matches) ? self[4].matches.size() : 0) : 0) + (self.size() > 5 ? (has(self[5].matches) ? self[5].matches.size() : 0) : 0) + (self.size() > 6 ? (has(self[6].matches) ? self[6].matches.size() : 0) : 0) + (self.size() > 7 ? (has(self[7].matches) ? self[7].matches.size() : 0) : 0) + (self.size() > 8 ? (has(self[8].matches) ? self[8].matches.size() : 0) : 0) + (self.size() > 9 ? (has(self[9].matches) ? self[9].matches.size() : 0) : 0) + (self.size() > 10 ? (has(self[10].matches) ? self[10].matches.size() : 0) : 0) + (self.size() > 11 ? (has(self[11].matches) ? self[11].matches.size() : 0) : 0) + (self.size() > 12 ? (has(self[12].matches) ? self[12].matches.size() : 0) : 0) + (self.size() > 13 ? (has(self[13].matches) ? self[13].matches.size() : 0) : 0) + (self.size() > 14 ? (has(self[14].matches) ? self[14].matches.size() : 0) : 0) + (self.size() > 15 ? (has(self[15].matches) ? self[15].matches.size() : 0) : 0) <= 128" + - message: "Rule name must be unique within the route" + rule: "self.all(l1, !has(l1.name) || self.exists_one(l2, has(l2.name) && l1.name == l2.name))" type: "object" status: description: "Status defines the current state of GRPCRoute." diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml index fee72f644..1b1c1f1b4 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml @@ -89,7 +89,7 @@ spec: - message: "sectionName or port must be unique when parentRefs includes 2 or more references to the same parent" rule: "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))" rules: - description: "Rules are a list of TCP matchers and actions." + description: "Rules are a list of TCP matchers and actions.\n\n\n" items: description: "TCPRouteRule is the configuration for a given rule." properties: @@ -144,10 +144,19 @@ spec: maxItems: 16 minItems: 1 type: "array" + name: + description: "Name is the name of the route rule. This name MUST be unique within a Route if it is set.\n\n\nSupport: Extended" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" type: "object" maxItems: 16 minItems: 1 type: "array" + x-kubernetes-validations: + - message: "Rule name must be unique within the route" + rule: "self.all(l1, !has(l1.name) || self.exists_one(l2, has(l2.name) && l1.name == l2.name))" required: - "rules" type: "object" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml index f549f24f5..10d77652a 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml @@ -99,7 +99,7 @@ spec: - message: "sectionName or port must be unique when parentRefs includes 2 or more references to the same parent" rule: "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))" rules: - description: "Rules are a list of TLS matchers and actions." + description: "Rules are a list of TLS matchers and actions.\n\n\n" items: description: "TLSRouteRule is the configuration for a given rule." properties: @@ -154,10 +154,19 @@ spec: maxItems: 16 minItems: 1 type: "array" + name: + description: "Name is the name of the route rule. This name MUST be unique within a Route if it is set.\n\n\nSupport: Extended" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" type: "object" maxItems: 16 minItems: 1 type: "array" + x-kubernetes-validations: + - message: "Rule name must be unique within the route" + rule: "self.all(l1, !has(l1.name) || self.exists_one(l2, has(l2.name) && l1.name == l2.name))" required: - "rules" type: "object" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml index 1b49bd9d7..6d03403dc 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml @@ -89,7 +89,7 @@ spec: - message: "sectionName or port must be unique when parentRefs includes 2 or more references to the same parent" rule: "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))" rules: - description: "Rules are a list of UDP matchers and actions." + description: "Rules are a list of UDP matchers and actions.\n\n\n" items: description: "UDPRouteRule is the configuration for a given rule." properties: @@ -144,10 +144,19 @@ spec: maxItems: 16 minItems: 1 type: "array" + name: + description: "Name is the name of the route rule. This name MUST be unique within a Route if it is set.\n\n\nSupport: Extended" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" type: "object" maxItems: 16 minItems: 1 type: "array" + x-kubernetes-validations: + - message: "Rule name must be unique within the route" + rule: "self.all(l1, !has(l1.name) || self.exists_one(l2, has(l2.name) && l1.name == l2.name))" required: - "rules" type: "object" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml index b0696bc3d..e99a166cd 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml @@ -107,7 +107,7 @@ spec: - path: type: "PathPrefix" value: "/" - description: "Rules are a list of HTTP matchers, filters and actions." + description: "Rules are a list of HTTP matchers, filters and actions.\n\n\n" items: description: "HTTPRouteRule defines semantics for matching an HTTP request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs)." properties: @@ -983,6 +983,12 @@ spec: type: "object" maxItems: 64 type: "array" + name: + description: "Name is the name of the route rule. This name MUST be unique within a Route if it is set.\n\n\nSupport: Extended\n" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" sessionPersistence: description: "SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" properties: @@ -1052,6 +1058,8 @@ spec: x-kubernetes-validations: - message: "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128" rule: "(self.size() > 0 ? self[0].matches.size() : 0) + (self.size() > 1 ? self[1].matches.size() : 0) + (self.size() > 2 ? self[2].matches.size() : 0) + (self.size() > 3 ? self[3].matches.size() : 0) + (self.size() > 4 ? self[4].matches.size() : 0) + (self.size() > 5 ? self[5].matches.size() : 0) + (self.size() > 6 ? self[6].matches.size() : 0) + (self.size() > 7 ? self[7].matches.size() : 0) + (self.size() > 8 ? self[8].matches.size() : 0) + (self.size() > 9 ? self[9].matches.size() : 0) + (self.size() > 10 ? self[10].matches.size() : 0) + (self.size() > 11 ? self[11].matches.size() : 0) + (self.size() > 12 ? self[12].matches.size() : 0) + (self.size() > 13 ? self[13].matches.size() : 0) + (self.size() > 14 ? self[14].matches.size() : 0) + (self.size() > 15 ? self[15].matches.size() : 0) <= 128" + - message: "Rule name must be unique within the route" + rule: "self.all(l1, !has(l1.name) || self.exists_one(l2, has(l2.name) && l1.name == l2.name))" type: "object" status: description: "Status defines the current state of HTTPRoute." diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml index 438964d88..c8e77aee3 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "circuitbreakers.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml index c32693de6..bb71e6bdb 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "containerpatches.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml index 863dda299..647fd90eb 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "dataplaneinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml index c937213ad..d1308ed05 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "dataplanes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml index ba4dbe4d1..c6adbce24 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "externalservices.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml index d51bcf128..dfd6b7599 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "faultinjections.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml index 91539cac1..09f689b1d 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "healthchecks.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml index aa1d9475d..900a47722 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshaccesslogs.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml index fd0037ad4..a4a291ade 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshcircuitbreakers.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml index 6a5d26f79..345fbcfe2 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml index f429e967e..b5e530e45 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshfaultinjections.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml index 1b5ac7be1..1f0f904e5 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshgatewayconfigs.kuma.io" spec: group: "kuma.io" @@ -88,13 +88,16 @@ spec: description: "Resources specifies the compute resources for the proxy container.\nThe default can be set in the control plane config." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml index 6221fe957..b5828dcf2 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshgatewayinstances.kuma.io" spec: group: "kuma.io" @@ -85,13 +85,16 @@ spec: description: "Resources specifies the compute resources for the proxy container.\nThe default can be set in the control plane config." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -163,7 +166,7 @@ spec: conditions: description: "Conditions is an array of gateway instance conditions." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -192,7 +195,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -229,7 +232,7 @@ spec: items: properties: error: - description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -238,10 +241,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "Protocol is the protocol of the service port of which status is recorded here\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml index 01b3ff8ba..08b8e645b 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshgatewayroutes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml index c0a4991b4..a4c52580e 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshgateways.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml index 04f79b06b..75f8e666f 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshhealthchecks.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml index 66ccf3aac..d4011c0f9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshhttproutes.kuma.io" spec: group: "kuma.io" @@ -208,7 +208,7 @@ spec: requestMirror: properties: backendRef: - description: "TODO forbid weight" + description: "BackendRef defines where to forward traffic." properties: kind: description: "Kind of the referenced resource" @@ -273,7 +273,7 @@ spec: requestRedirect: properties: hostname: - description: "PreciseHostname is the fully qualified domain name of a network host. This\nmatches the RFC 1123 definition of a hostname with 1 notable exception that\nnumeric IP addresses are not allowed.\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + description: "PreciseHostname is the fully qualified domain name of a network host. This\nmatches the RFC 1123 definition of a hostname with 1 notable exception that\nnumeric IP addresses are not allowed.\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml index 85f911677..3359d00b3 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml index 1fdd598bb..96d1f53d8 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshloadbalancingstrategies.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml index b2bcb4c0e..c68226992 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshproxypatches.kuma.io" spec: group: "kuma.io" @@ -82,7 +82,7 @@ spec: description: "Name of the cluster to match." type: "string" origin: - description: "Origin is the name of the component or plugin that generated the resource.\n\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." + description: "Origin is the name of the component or plugin that generated the resource.\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." type: "string" type: "object" operation: @@ -144,7 +144,7 @@ spec: description: "Name of the HTTP filter. For example \"envoy.filters.http.local_ratelimit\"" type: "string" origin: - description: "Origin is the name of the component or plugin that generated the resource.\n\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." + description: "Origin is the name of the component or plugin that generated the resource.\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." type: "string" type: "object" operation: @@ -201,7 +201,7 @@ spec: description: "Name of the listener to match." type: "string" origin: - description: "Origin is the name of the component or plugin that generated the resource.\n\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." + description: "Origin is the name of the component or plugin that generated the resource.\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." type: "string" tags: additionalProperties: @@ -268,7 +268,7 @@ spec: description: "Name of the network filter. For example \"envoy.filters.network.ratelimit\"" type: "string" origin: - description: "Origin is the name of the component or plugin that generated the resource.\n\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." + description: "Origin is the name of the component or plugin that generated the resource.\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." type: "string" type: "object" operation: @@ -325,7 +325,7 @@ spec: description: "Name of the VirtualHost to match." type: "string" origin: - description: "Origin is the name of the component or plugin that generated the resource.\n\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." + description: "Origin is the name of the component or plugin that generated the resource.\n\nHere is the list of well-known origins:\ninbound - resources generated for handling incoming traffic.\noutbound - resources generated for handling outgoing traffic.\ntransparent - resources generated for transparent proxy functionality.\nprometheus - resources generated when Prometheus metrics are enabled.\ndirect-access - resources generated for Direct Access functionality.\ningress - resources generated for Zone Ingress.\negress - resources generated for Zone Egress.\ngateway - resources generated for MeshGateway.\n\nThe list is not complete, because policy plugins can introduce new resources.\nFor example MeshTrace plugin can create Cluster with \"mesh-trace\" origin." type: "string" routeConfigurationName: description: "Name of the RouteConfiguration resource to match." diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml index 7f596aec6..f37106666 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshratelimits.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml index e19ce898c..a95ff5fa8 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshretries.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml index 01410b78b..aac15c2e9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshtcproutes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml index 22bcb007d..49dc22571 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshtimeouts.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml index f1806a2ab..0bb0bb08b 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshtraces.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml index 95e3a83e4..029418428 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "meshtrafficpermissions.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml index 1d4b10136..07ccc33e4 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "proxytemplates.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml index 84631f886..2114251d3 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "ratelimits.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml index 5a884c1c6..2eb37c8cb 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "retries.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml index f71cfa374..03edf642f 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "serviceinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml index 15bbbac8e..302d61470 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "timeouts.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml index a5ce67fd3..3fcaa385f 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "trafficlogs.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml index 8797fa3d1..16ec7ee56 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "trafficpermissions.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml index ed5f8589a..53256251e 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "trafficroutes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml index 81e456d73..44356bb52 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "traffictraces.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml index b55acf138..8673e42bd 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "virtualoutbounds.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml index 64fa2a82d..052629886 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "zoneegresses.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml index 622e9d634..08edf9751 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "zoneegressinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml index 269617170..4e7b53052 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "zoneingresses.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml index 3eeb6b89e..43bac91d2 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "zoneingressinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml index 9ebb7b49e..e31cc234d 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "zoneinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml index dbf89c0f5..0f7cfd88b 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "zones.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml index 6d31e120d..8e2843ce5 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml @@ -738,138 +738,36 @@ spec: data: description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." x-kubernetes-preserve-unknown-fields: true - generateExisting: - description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." - type: "boolean" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - orphanDownstreamOnPolicyDelete: - description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." - type: "boolean" - synchronize: - description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." - type: "boolean" - uid: - description: "UID specifies the resource uid." - type: "string" - type: "object" - imageExtractors: - additionalProperties: - items: - properties: - jmesPath: - description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." - type: "string" - key: - description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." - type: "string" - name: - description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." - type: "string" - path: - description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." - type: "string" - value: - description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." - type: "string" - required: - - "path" - type: "object" - type: "array" - description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." - type: "object" - match: - description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." - properties: - all: - description: "All allows specifying resources which will be ANDed" + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -902,483 +800,160 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." + context: + description: "Context defines variables and data sources that can be used during rule execution." items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" - items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" - properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" required: - - "key" - - "operator" + - "url" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + description: "Name is the variable name." type: "string" - required: - - "kind" - - "name" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" type: "object" - x-kubernetes-map-type: "atomic" type: "array" - type: "object" - type: "array" - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true + kind: + description: "Kind specifies resource kind." type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: + name: + description: "Name specifies the resource name." type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" + namespace: + description: "Namespace specifies resource namespace." type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - mutate: - description: "Mutation is used to modify matching resources." - properties: - foreach: - description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - items: - description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - properties: - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." - properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." - type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." - type: "string" - required: - - "url" - type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." - type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" - type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" - properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." - items: - type: "string" - type: "array" - type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" - type: "string" - required: - - "reference" - type: "object" - name: - description: "Name is the variable name." - type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "object" - type: "array" - foreach: - description: "Foreach declares a nested foreach iterator" - x-kubernetes-preserve-unknown-fields: true - list: - description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." - type: "string" - order: - description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." - enum: - - "Ascending" - - "Descending" - type: "string" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." - type: "string" - preconditions: - description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - properties: - all: - description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" - items: - description: "Condition defines variable-based conditional criteria for rule execution." - properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" type: "string" operator: description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" @@ -1443,556 +1018,1266 @@ spec: type: "array" type: "object" x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" type: "object" type: "array" - mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + generateExisting: + description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + kind: + description: "Kind specifies resource kind." type: "string" - targets: - description: "Targets defines the target resources to be mutated." - items: - description: "TargetResourceSpec defines targets for mutating existing resources." - properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + orphanDownstreamOnPolicyDelete: + description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." + type: "boolean" + synchronize: + description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." + type: "boolean" + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + imageExtractors: + additionalProperties: + items: + properties: + jmesPath: + description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." + type: "string" + key: + description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." + type: "string" + name: + description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." + type: "string" + path: + description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." + type: "string" + value: + description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." + type: "string" + required: + - "path" + type: "object" + type: "array" + description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." + type: "object" + match: + description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + properties: + all: + description: "All allows specifying resources which will be ANDed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + key: + description: "key is the label key that the selector applies to." type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" required: - - "url" + - "key" + - "operator" type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." - type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - required: - - "reference" - type: "object" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" name: - description: "Name is the variable name." + description: "Name of the object being referenced." type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - x-kubernetes-preserve-unknown-fields: true - uid: - description: "UID specifies the resource uid." - type: "string" type: "object" type: "array" - type: "object" - name: - description: "Name is a label to identify the rule, It must be unique within the policy." - maxLength: 63 - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - x-kubernetes-preserve-unknown-fields: true - skipBackgroundRequests: - default: true - description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." - type: "boolean" - validate: - description: "Validation is used to validate matching resources." - properties: - anyPattern: - description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." - x-kubernetes-preserve-unknown-fields: true - assert: - description: "Assert defines a kyverno-json assertion tree." - type: "object" - x-kubernetes-preserve-unknown-fields: true - cel: - description: "CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/)." - properties: - auditAnnotations: - description: "AuditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request." - items: - description: "AuditAnnotation describes how to produce an audit annotation for an API request." - properties: - key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." - type: "string" - valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." - type: "string" - required: - - "key" - - "valueExpression" - type: "object" - type: "array" - expressions: - description: "Expressions is a list of CELExpression types." - items: - description: "Validation specifies the CEL expression which is used to apply the validation." - properties: - expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." - type: "string" - message: - description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." - type: "string" - messageExpression: - description: "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.\nSince messageExpression is used as a failure message, it must evaluate to a string.\nIf both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.\nIf messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced\nas if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string\nthat contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and\nthe fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.\nmessageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.\nExample:\n\"object.x must be less than max (\"+string(params.max)+\")\"" - type: "string" - reason: - description: "Reason represents a machine-readable description of why this validation failed.\nIf this is the first validation in the list to fail, this reason, as well as the\ncorresponding HTTP response code, are used in the\nHTTP response to the client.\nThe currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\".\nIf not set, StatusReasonInvalid is used in the response to the client." - type: "string" - required: - - "expression" - type: "object" - type: "array" - paramKind: - description: "ParamKind is a tuple of Group Kind and Version." - properties: - apiVersion: - description: "APIVersion is the API group version the resources belong to.\nIn format of \"group/version\".\nRequired." - type: "string" - kind: - description: "Kind is the API kind the resources belong to.\nRequired." - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - paramRef: - description: "ParamRef references a parameter resource." - properties: - name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." - type: "string" - namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." - type: "string" - parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + any: + description: "Any allows specifying resources which will be ORed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: type: "string" - selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - x-kubernetes-map-type: "atomic" - variables: - description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." - items: - description: "Variable is the definition of a variable that is used for composition." + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." properties: - expression: - description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." - type: "string" + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" name: - description: "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.\nThe variable can be accessed in other expressions through `variables`\nFor example, if name is \"foo\", the variable will be available as `variables.foo`" + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." type: "string" - required: - - "expression" - - "name" - type: "object" - type: "array" - type: "object" - deny: - description: "Deny defines conditions used to pass or fail a validation rule." - properties: - conditions: - description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" - x-kubernetes-preserve-unknown-fields: true - type: "object" - foreach: - description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - items: - description: "ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - properties: - anyPattern: - description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." - x-kubernetes-preserve-unknown-fields: true - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + key: + description: "key is the label key that the selector applies to." type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" required: - - "url" + - "key" + - "operator" type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" - type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - required: - - "reference" - type: "object" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" name: - description: "Name is the variable name." + description: "Name of the object being referenced." type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" - deny: - description: "Deny defines conditions used to pass or fail a validation rule." - properties: - conditions: - description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" - x-kubernetes-preserve-unknown-fields: true - type: "object" - elementScope: - description: "ElementScope specifies whether to use the current list element as the scope for validation. Defaults to \"true\" if not specified.\nWhen set to \"false\", \"request.object\" is used as the validation scope within the foreach\nblock to allow referencing other elements in the subtree." - type: "boolean" - foreach: - description: "Foreach declares a nested foreach iterator" - x-kubernetes-preserve-unknown-fields: true - list: - description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." - type: "string" - pattern: - description: "Pattern specifies an overlay-style pattern used to check resources." - x-kubernetes-preserve-unknown-fields: true - preconditions: - description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - properties: - all: - description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" - items: - description: "Condition defines variable-based conditional criteria for rule execution." - properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" - type: "string" - operator: - description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" - enum: - - "Equals" - - "NotEquals" - - "In" - - "AnyIn" - - "AllIn" - - "NotIn" - - "AnyNotIn" - - "AllNotIn" - - "GreaterThanOrEquals" - - "GreaterThan" - - "LessThanOrEquals" - - "LessThan" - - "DurationGreaterThanOrEquals" - - "DurationGreaterThan" - - "DurationLessThanOrEquals" - - "DurationLessThan" - type: "string" - value: - description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "array" - any: - description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" - items: - description: "Condition defines variable-based conditional criteria for rule execution." - properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" - type: "string" - operator: - description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" - enum: - - "Equals" - - "NotEquals" - - "In" - - "AnyIn" - - "AllIn" - - "NotIn" - - "AnyNotIn" - - "AllNotIn" - - "GreaterThanOrEquals" - - "GreaterThan" - - "LessThanOrEquals" - - "LessThan" - - "DurationGreaterThanOrEquals" - - "DurationGreaterThan" - - "DurationLessThanOrEquals" - - "DurationLessThan" - type: "string" - value: - description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "array" - type: "object" - x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" - manifests: - description: "Manifest specifies conditions for manifest verification" + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." properties: - annotationDomain: - description: "AnnotationDomain is custom domain of annotation for message and signature. Default is \"cosign.sigstore.dev\"." - type: "string" - attestors: - description: "Attestors specified the required attestors (i.e. authorities)" + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." items: - properties: - count: - description: "Count specifies the required number of entries that must match. If the count is null, all entries must match\n(a logical AND). If the count is 1, at least one entry must match (a logical OR). If the count contains a\nvalue N, then N must be less than or equal to the size of entries, and at least N entries must match." + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + mutate: + description: "Mutation is used to modify matching resources." + properties: + foreach: + description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + items: + description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + properties: + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + foreach: + description: "Foreach declares a nested foreach iterator" + x-kubernetes-preserve-unknown-fields: true + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." + type: "string" + order: + description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." + enum: + - "Ascending" + - "Descending" + type: "string" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + targets: + description: "Targets defines the target resources to be mutated." + items: + description: "TargetResourceSpec defines targets for mutating existing resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + kind: + description: "Kind specifies resource kind." + type: "string" + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + type: "array" + type: "object" + name: + description: "Name is a label to identify the rule, It must be unique within the policy." + maxLength: 63 + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + x-kubernetes-preserve-unknown-fields: true + skipBackgroundRequests: + default: true + description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." + type: "boolean" + validate: + description: "Validation is used to validate matching resources." + properties: + anyPattern: + description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." + x-kubernetes-preserve-unknown-fields: true + assert: + description: "Assert defines a kyverno-json assertion tree." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cel: + description: "CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/)." + properties: + auditAnnotations: + description: "AuditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request." + items: + description: "AuditAnnotation describes how to produce an audit annotation for an API request." + properties: + key: + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + type: "string" + valueExpression: + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + type: "string" + required: + - "key" + - "valueExpression" + type: "object" + type: "array" + expressions: + description: "Expressions is a list of CELExpression types." + items: + description: "Validation specifies the CEL expression which is used to apply the validation." + properties: + expression: + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + type: "string" + message: + description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." + type: "string" + messageExpression: + description: "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.\nSince messageExpression is used as a failure message, it must evaluate to a string.\nIf both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.\nIf messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced\nas if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string\nthat contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and\nthe fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.\nmessageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.\nExample:\n\"object.x must be less than max (\"+string(params.max)+\")\"" + type: "string" + reason: + description: "Reason represents a machine-readable description of why this validation failed.\nIf this is the first validation in the list to fail, this reason, as well as the\ncorresponding HTTP response code, are used in the\nHTTP response to the client.\nThe currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\".\nIf not set, StatusReasonInvalid is used in the response to the client." + type: "string" + required: + - "expression" + type: "object" + type: "array" + paramKind: + description: "ParamKind is a tuple of Group Kind and Version." + properties: + apiVersion: + description: "APIVersion is the API group version the resources belong to.\nIn format of \"group/version\".\nRequired." + type: "string" + kind: + description: "Kind is the API kind the resources belong to.\nRequired." + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + paramRef: + description: "ParamRef references a parameter resource." + properties: + name: + description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + type: "string" + namespace: + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + type: "string" + parameterNotFoundAction: + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + type: "string" + selector: + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + x-kubernetes-map-type: "atomic" + variables: + description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." + items: + description: "Variable is the definition of a variable that is used for composition." + properties: + expression: + description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." + type: "string" + name: + description: "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.\nThe variable can be accessed in other expressions through `variables`\nFor example, if name is \"foo\", the variable will be available as `variables.foo`" + type: "string" + required: + - "expression" + - "name" + type: "object" + type: "array" + type: "object" + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + foreach: + description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + items: + description: "ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + properties: + anyPattern: + description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." + x-kubernetes-preserve-unknown-fields: true + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + elementScope: + description: "ElementScope specifies whether to use the current list element as the scope for validation. Defaults to \"true\" if not specified.\nWhen set to \"false\", \"request.object\" is used as the validation scope within the foreach\nblock to allow referencing other elements in the subtree." + type: "boolean" + foreach: + description: "Foreach declares a nested foreach iterator" + x-kubernetes-preserve-unknown-fields: true + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." + type: "string" + pattern: + description: "Pattern specifies an overlay-style pattern used to check resources." + x-kubernetes-preserve-unknown-fields: true + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + manifests: + description: "Manifest specifies conditions for manifest verification" + properties: + annotationDomain: + description: "AnnotationDomain is custom domain of annotation for message and signature. Default is \"cosign.sigstore.dev\"." + type: "string" + attestors: + description: "Attestors specified the required attestors (i.e. authorities)" + items: + properties: + count: + description: "Count specifies the required number of entries that must match. If the count is null, all entries must match\n(a logical AND). If the count is 1, at least one entry must match (a logical OR). If the count contains a\nvalue N, then N must be less than or equal to the size of entries, and at least N entries must match." minimum: 1.0 type: "integer" entries: @@ -2825,9 +3110,10 @@ spec: description: "Deprecated. Use KeylessAttestor instead." type: "string" type: - description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." + description: "Type specifies the method of signature validation. The allowed options\nare Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: @@ -3070,45 +3356,189 @@ spec: - "google" - "github" type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." - items: + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + exclude: + description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + properties: + all: + description: "All allows specifying resources which will be ANDed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." type: "string" - type: "array" - type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" - type: "string" - required: - - "reference" - type: "object" - name: - description: "Name is the variable name." - type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" type: "object" - type: "object" - type: "array" - exclude: - description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." - properties: - all: - description: "All allows specifying resources which will be ANDed" + type: "array" + any: + description: "Any allows specifying resources which will be ORed" items: description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: @@ -3247,43 +3677,242 @@ spec: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + type: "array" + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + generate: + description: "Generation is used to create new resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." + properties: + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3315,288 +3944,230 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "object" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" + type: "array" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + description: "Kind specifies resource kind." + type: "string" + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" name: - description: "Name of the object being referenced." + description: "Name specifies the resource name." type: "string" namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." type: "string" - required: - - "kind" - - "name" type: "object" - x-kubernetes-map-type: "atomic" type: "array" - type: "object" - generate: - description: "Generation is used to create new resources." - properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - clone: - description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." - properties: - name: - description: "Name specifies name of the resource." - type: "string" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - type: "object" - cloneList: - description: "CloneList specifies the list of source resource used to populate each generated resource." - properties: - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - data: - description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." - x-kubernetes-preserve-unknown-fields: true generateExisting: description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" @@ -5684,9 +6255,10 @@ spec: description: "Deprecated. Use KeylessAttestor instead." type: "string" type: - description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." + description: "Type specifies the method of signature validation. The allowed options\nare Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml index f5e299457..b455ef7fb 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml @@ -738,138 +738,36 @@ spec: data: description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." x-kubernetes-preserve-unknown-fields: true - generateExisting: - description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." - type: "boolean" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - orphanDownstreamOnPolicyDelete: - description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." - type: "boolean" - synchronize: - description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." - type: "boolean" - uid: - description: "UID specifies the resource uid." - type: "string" - type: "object" - imageExtractors: - additionalProperties: - items: - properties: - jmesPath: - description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." - type: "string" - key: - description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." - type: "string" - name: - description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." - type: "string" - path: - description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." - type: "string" - value: - description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." - type: "string" - required: - - "path" - type: "object" - type: "array" - description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." - type: "object" - match: - description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." - properties: - all: - description: "All allows specifying resources which will be ANDed" + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -902,483 +800,160 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." + context: + description: "Context defines variables and data sources that can be used during rule execution." items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" - items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" - properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" required: - - "key" - - "operator" + - "url" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + description: "Name is the variable name." type: "string" - required: - - "kind" - - "name" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" type: "object" - x-kubernetes-map-type: "atomic" type: "array" - type: "object" - type: "array" - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true + kind: + description: "Kind specifies resource kind." type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: + name: + description: "Name specifies the resource name." type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" + namespace: + description: "Namespace specifies resource namespace." type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - mutate: - description: "Mutation is used to modify matching resources." - properties: - foreach: - description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - items: - description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - properties: - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." - properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." - type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." - type: "string" - required: - - "url" - type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." - type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" - type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" - properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." - items: - type: "string" - type: "array" - type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" - type: "string" - required: - - "reference" - type: "object" - name: - description: "Name is the variable name." - type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "object" - type: "array" - foreach: - description: "Foreach declares a nested foreach iterator" - x-kubernetes-preserve-unknown-fields: true - list: - description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." - type: "string" - order: - description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." - enum: - - "Ascending" - - "Descending" - type: "string" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." - type: "string" - preconditions: - description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - properties: - all: - description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" - items: - description: "Condition defines variable-based conditional criteria for rule execution." - properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" type: "string" operator: description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" @@ -1443,556 +1018,1266 @@ spec: type: "array" type: "object" x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" type: "object" type: "array" - mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + generateExisting: + description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + kind: + description: "Kind specifies resource kind." type: "string" - targets: - description: "Targets defines the target resources to be mutated." - items: - description: "TargetResourceSpec defines targets for mutating existing resources." - properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + orphanDownstreamOnPolicyDelete: + description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." + type: "boolean" + synchronize: + description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." + type: "boolean" + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + imageExtractors: + additionalProperties: + items: + properties: + jmesPath: + description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." + type: "string" + key: + description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." + type: "string" + name: + description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." + type: "string" + path: + description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." + type: "string" + value: + description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." + type: "string" + required: + - "path" + type: "object" + type: "array" + description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." + type: "object" + match: + description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + properties: + all: + description: "All allows specifying resources which will be ANDed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + key: + description: "key is the label key that the selector applies to." type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" required: - - "url" + - "key" + - "operator" type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." - type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - required: - - "reference" - type: "object" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" name: - description: "Name is the variable name." + description: "Name of the object being referenced." type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - x-kubernetes-preserve-unknown-fields: true - uid: - description: "UID specifies the resource uid." - type: "string" type: "object" type: "array" - type: "object" - name: - description: "Name is a label to identify the rule, It must be unique within the policy." - maxLength: 63 - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - x-kubernetes-preserve-unknown-fields: true - skipBackgroundRequests: - default: true - description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." - type: "boolean" - validate: - description: "Validation is used to validate matching resources." - properties: - anyPattern: - description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." - x-kubernetes-preserve-unknown-fields: true - assert: - description: "Assert defines a kyverno-json assertion tree." - type: "object" - x-kubernetes-preserve-unknown-fields: true - cel: - description: "CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/)." - properties: - auditAnnotations: - description: "AuditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request." - items: - description: "AuditAnnotation describes how to produce an audit annotation for an API request." - properties: - key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." - type: "string" - valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." - type: "string" - required: - - "key" - - "valueExpression" - type: "object" - type: "array" - expressions: - description: "Expressions is a list of CELExpression types." - items: - description: "Validation specifies the CEL expression which is used to apply the validation." - properties: - expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." - type: "string" - message: - description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." - type: "string" - messageExpression: - description: "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.\nSince messageExpression is used as a failure message, it must evaluate to a string.\nIf both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.\nIf messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced\nas if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string\nthat contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and\nthe fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.\nmessageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.\nExample:\n\"object.x must be less than max (\"+string(params.max)+\")\"" - type: "string" - reason: - description: "Reason represents a machine-readable description of why this validation failed.\nIf this is the first validation in the list to fail, this reason, as well as the\ncorresponding HTTP response code, are used in the\nHTTP response to the client.\nThe currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\".\nIf not set, StatusReasonInvalid is used in the response to the client." - type: "string" - required: - - "expression" - type: "object" - type: "array" - paramKind: - description: "ParamKind is a tuple of Group Kind and Version." - properties: - apiVersion: - description: "APIVersion is the API group version the resources belong to.\nIn format of \"group/version\".\nRequired." - type: "string" - kind: - description: "Kind is the API kind the resources belong to.\nRequired." - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - paramRef: - description: "ParamRef references a parameter resource." - properties: - name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." - type: "string" - namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." - type: "string" - parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + any: + description: "Any allows specifying resources which will be ORed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: type: "string" - selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - x-kubernetes-map-type: "atomic" - variables: - description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." - items: - description: "Variable is the definition of a variable that is used for composition." + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." properties: - expression: - description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." - type: "string" + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" name: - description: "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.\nThe variable can be accessed in other expressions through `variables`\nFor example, if name is \"foo\", the variable will be available as `variables.foo`" + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." type: "string" - required: - - "expression" - - "name" - type: "object" - type: "array" - type: "object" - deny: - description: "Deny defines conditions used to pass or fail a validation rule." - properties: - conditions: - description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" - x-kubernetes-preserve-unknown-fields: true - type: "object" - foreach: - description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - items: - description: "ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - properties: - anyPattern: - description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." - x-kubernetes-preserve-unknown-fields: true - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + key: + description: "key is the label key that the selector applies to." type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" required: - - "url" + - "key" + - "operator" type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" - type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - required: - - "reference" - type: "object" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" name: - description: "Name is the variable name." + description: "Name of the object being referenced." type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" - deny: - description: "Deny defines conditions used to pass or fail a validation rule." - properties: - conditions: - description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" - x-kubernetes-preserve-unknown-fields: true - type: "object" - elementScope: - description: "ElementScope specifies whether to use the current list element as the scope for validation. Defaults to \"true\" if not specified.\nWhen set to \"false\", \"request.object\" is used as the validation scope within the foreach\nblock to allow referencing other elements in the subtree." - type: "boolean" - foreach: - description: "Foreach declares a nested foreach iterator" - x-kubernetes-preserve-unknown-fields: true - list: - description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." - type: "string" - pattern: - description: "Pattern specifies an overlay-style pattern used to check resources." - x-kubernetes-preserve-unknown-fields: true - preconditions: - description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - properties: - all: - description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" - items: - description: "Condition defines variable-based conditional criteria for rule execution." - properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" - type: "string" - operator: - description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" - enum: - - "Equals" - - "NotEquals" - - "In" - - "AnyIn" - - "AllIn" - - "NotIn" - - "AnyNotIn" - - "AllNotIn" - - "GreaterThanOrEquals" - - "GreaterThan" - - "LessThanOrEquals" - - "LessThan" - - "DurationGreaterThanOrEquals" - - "DurationGreaterThan" - - "DurationLessThanOrEquals" - - "DurationLessThan" - type: "string" - value: - description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "array" - any: - description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" - items: - description: "Condition defines variable-based conditional criteria for rule execution." - properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" - type: "string" - operator: - description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" - enum: - - "Equals" - - "NotEquals" - - "In" - - "AnyIn" - - "AllIn" - - "NotIn" - - "AnyNotIn" - - "AllNotIn" - - "GreaterThanOrEquals" - - "GreaterThan" - - "LessThanOrEquals" - - "LessThan" - - "DurationGreaterThanOrEquals" - - "DurationGreaterThan" - - "DurationLessThanOrEquals" - - "DurationLessThan" - type: "string" - value: - description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." - x-kubernetes-preserve-unknown-fields: true - type: "object" - type: "array" - type: "object" - x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" - manifests: - description: "Manifest specifies conditions for manifest verification" + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." properties: - annotationDomain: - description: "AnnotationDomain is custom domain of annotation for message and signature. Default is \"cosign.sigstore.dev\"." - type: "string" - attestors: - description: "Attestors specified the required attestors (i.e. authorities)" + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." items: - properties: - count: - description: "Count specifies the required number of entries that must match. If the count is null, all entries must match\n(a logical AND). If the count is 1, at least one entry must match (a logical OR). If the count contains a\nvalue N, then N must be less than or equal to the size of entries, and at least N entries must match." + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + mutate: + description: "Mutation is used to modify matching resources." + properties: + foreach: + description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + items: + description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + properties: + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + foreach: + description: "Foreach declares a nested foreach iterator" + x-kubernetes-preserve-unknown-fields: true + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." + type: "string" + order: + description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." + enum: + - "Ascending" + - "Descending" + type: "string" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + targets: + description: "Targets defines the target resources to be mutated." + items: + description: "TargetResourceSpec defines targets for mutating existing resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + kind: + description: "Kind specifies resource kind." + type: "string" + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + type: "array" + type: "object" + name: + description: "Name is a label to identify the rule, It must be unique within the policy." + maxLength: 63 + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + x-kubernetes-preserve-unknown-fields: true + skipBackgroundRequests: + default: true + description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." + type: "boolean" + validate: + description: "Validation is used to validate matching resources." + properties: + anyPattern: + description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." + x-kubernetes-preserve-unknown-fields: true + assert: + description: "Assert defines a kyverno-json assertion tree." + type: "object" + x-kubernetes-preserve-unknown-fields: true + cel: + description: "CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/)." + properties: + auditAnnotations: + description: "AuditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request." + items: + description: "AuditAnnotation describes how to produce an audit annotation for an API request." + properties: + key: + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + type: "string" + valueExpression: + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + type: "string" + required: + - "key" + - "valueExpression" + type: "object" + type: "array" + expressions: + description: "Expressions is a list of CELExpression types." + items: + description: "Validation specifies the CEL expression which is used to apply the validation." + properties: + expression: + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + type: "string" + message: + description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." + type: "string" + messageExpression: + description: "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.\nSince messageExpression is used as a failure message, it must evaluate to a string.\nIf both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.\nIf messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced\nas if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string\nthat contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and\nthe fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.\nmessageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.\nExample:\n\"object.x must be less than max (\"+string(params.max)+\")\"" + type: "string" + reason: + description: "Reason represents a machine-readable description of why this validation failed.\nIf this is the first validation in the list to fail, this reason, as well as the\ncorresponding HTTP response code, are used in the\nHTTP response to the client.\nThe currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\".\nIf not set, StatusReasonInvalid is used in the response to the client." + type: "string" + required: + - "expression" + type: "object" + type: "array" + paramKind: + description: "ParamKind is a tuple of Group Kind and Version." + properties: + apiVersion: + description: "APIVersion is the API group version the resources belong to.\nIn format of \"group/version\".\nRequired." + type: "string" + kind: + description: "Kind is the API kind the resources belong to.\nRequired." + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + paramRef: + description: "ParamRef references a parameter resource." + properties: + name: + description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + type: "string" + namespace: + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + type: "string" + parameterNotFoundAction: + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + type: "string" + selector: + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + x-kubernetes-map-type: "atomic" + variables: + description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." + items: + description: "Variable is the definition of a variable that is used for composition." + properties: + expression: + description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." + type: "string" + name: + description: "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.\nThe variable can be accessed in other expressions through `variables`\nFor example, if name is \"foo\", the variable will be available as `variables.foo`" + type: "string" + required: + - "expression" + - "name" + type: "object" + type: "array" + type: "object" + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + foreach: + description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + items: + description: "ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + properties: + anyPattern: + description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." + x-kubernetes-preserve-unknown-fields: true + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + elementScope: + description: "ElementScope specifies whether to use the current list element as the scope for validation. Defaults to \"true\" if not specified.\nWhen set to \"false\", \"request.object\" is used as the validation scope within the foreach\nblock to allow referencing other elements in the subtree." + type: "boolean" + foreach: + description: "Foreach declares a nested foreach iterator" + x-kubernetes-preserve-unknown-fields: true + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." + type: "string" + pattern: + description: "Pattern specifies an overlay-style pattern used to check resources." + x-kubernetes-preserve-unknown-fields: true + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + manifests: + description: "Manifest specifies conditions for manifest verification" + properties: + annotationDomain: + description: "AnnotationDomain is custom domain of annotation for message and signature. Default is \"cosign.sigstore.dev\"." + type: "string" + attestors: + description: "Attestors specified the required attestors (i.e. authorities)" + items: + properties: + count: + description: "Count specifies the required number of entries that must match. If the count is null, all entries must match\n(a logical AND). If the count is 1, at least one entry must match (a logical OR). If the count contains a\nvalue N, then N must be less than or equal to the size of entries, and at least N entries must match." minimum: 1.0 type: "integer" entries: @@ -2825,9 +3110,10 @@ spec: description: "Deprecated. Use KeylessAttestor instead." type: "string" type: - description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." + description: "Type specifies the method of signature validation. The allowed options\nare Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: @@ -3070,45 +3356,189 @@ spec: - "google" - "github" type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." - items: + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + exclude: + description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + properties: + all: + description: "All allows specifying resources which will be ANDed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." type: "string" - type: "array" - type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" - type: "string" - required: - - "reference" - type: "object" - name: - description: "Name is the variable name." - type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" type: "object" - type: "object" - type: "array" - exclude: - description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." - properties: - all: - description: "All allows specifying resources which will be ANDed" + type: "array" + any: + description: "Any allows specifying resources which will be ORed" items: description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: @@ -3247,43 +3677,242 @@ spec: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + type: "array" + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + generate: + description: "Generation is used to create new resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." + properties: + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3315,288 +3944,230 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "object" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" + type: "array" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + description: "Kind specifies resource kind." + type: "string" + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" name: - description: "Name of the object being referenced." + description: "Name specifies the resource name." type: "string" namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." type: "string" - required: - - "kind" - - "name" type: "object" - x-kubernetes-map-type: "atomic" type: "array" - type: "object" - generate: - description: "Generation is used to create new resources." - properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - clone: - description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." - properties: - name: - description: "Name specifies name of the resource." - type: "string" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - type: "object" - cloneList: - description: "CloneList specifies the list of source resource used to populate each generated resource." - properties: - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - data: - description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." - x-kubernetes-preserve-unknown-fields: true generateExisting: description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" @@ -5684,9 +6255,10 @@ spec: description: "Deprecated. Use KeylessAttestor instead." type: "string" type: - description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." + description: "Type specifies the method of signature validation. The allowed options\nare Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml index af7bd5ebc..a22fa3d0c 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml @@ -77,6 +77,11 @@ spec: description: "RefreshInterval defines the interval in duration at which to poll the APICall.\nThe duration is a sequence of decimal numbers, each with optional fraction and a unit suffix,\nsuch as \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"." format: "duration" type: "string" + retryLimit: + default: 3 + description: "RetryLimit defines the number of times the APICall should be retried in case of failure." + minimum: 1.0 + type: "integer" service: description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml index bb4891334..32efe7766 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml @@ -601,138 +601,36 @@ spec: data: description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." x-kubernetes-preserve-unknown-fields: true - generateExisting: - description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." - type: "boolean" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - orphanDownstreamOnPolicyDelete: - description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." - type: "boolean" - synchronize: - description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." - type: "boolean" - uid: - description: "UID specifies the resource uid." - type: "string" - type: "object" - imageExtractors: - additionalProperties: - items: - properties: - jmesPath: - description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." - type: "string" - key: - description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." - type: "string" - name: - description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." - type: "string" - path: - description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." - type: "string" - value: - description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." - type: "string" - required: - - "path" - type: "object" - type: "array" - description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." - type: "object" - match: - description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." - properties: - all: - description: "All allows specifying resources which will be ANDed" + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -765,237 +663,54 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." + context: + description: "Context defines variables and data sources that can be used during rule execution." items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" - items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" - properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" required: - - "key" - - "operator" + - "url" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - type: "object" - mutate: - description: "Mutation is used to modify matching resources." - properties: - foreach: - description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - items: - description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - properties: - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." - properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." - type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." - type: "string" - required: - - "url" - type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." type: "string" type: "object" configMap: @@ -1074,23 +789,20 @@ spec: type: "object" type: "object" type: "array" - foreach: - description: "Foreach declares a nested foreach iterator" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." x-kubernetes-preserve-unknown-fields: true + kind: + description: "Kind specifies resource kind." + type: "string" list: description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" - order: - description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." - enum: - - "Ascending" - - "Descending" + name: + description: "Name specifies the resource name." type: "string" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + namespace: + description: "Namespace specifies resource namespace." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -1169,206 +881,779 @@ spec: type: "array" type: "object" x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" type: "object" type: "array" - mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + generateExisting: + description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + kind: + description: "Kind specifies resource kind." type: "string" - targets: - description: "Targets defines the target resources to be mutated." + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + orphanDownstreamOnPolicyDelete: + description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." + type: "boolean" + synchronize: + description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." + type: "boolean" + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + imageExtractors: + additionalProperties: + items: + properties: + jmesPath: + description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." + type: "string" + key: + description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." + type: "string" + name: + description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." + type: "string" + path: + description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." + type: "string" + value: + description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." + type: "string" + required: + - "path" + type: "object" + type: "array" + description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." + type: "object" + match: + description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + properties: + all: + description: "All allows specifying resources which will be ANDed" items: - description: "TargetResourceSpec defines targets for mutating existing resources." + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - context: - description: "Context defines variables and data sources that can be used during rule execution." + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + key: + description: "key is the label key that the selector applies to." type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" required: - - "url" + - "key" + - "operator" type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." - type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - required: - - "reference" - type: "object" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" name: - description: "Name is the variable name." + description: "Name of the object being referenced." type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - x-kubernetes-preserve-unknown-fields: true - uid: - description: "UID specifies the resource uid." - type: "string" type: "object" type: "array" - type: "object" - name: - description: "Name is a label to identify the rule, It must be unique within the policy." - maxLength: 63 - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - properties: - all: - description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass." + any: + description: "Any allows specifying resources which will be ORed" items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" - type: "string" - operator: - description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" - enum: - - "Equals" - - "NotEquals" - - "AnyIn" - - "AllIn" - - "AnyNotIn" - - "AllNotIn" - - "GreaterThanOrEquals" - - "GreaterThan" - - "LessThanOrEquals" - - "LessThan" - - "DurationGreaterThanOrEquals" - - "DurationGreaterThan" - - "DurationLessThanOrEquals" - - "DurationLessThan" - type: "string" - value: - description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + type: "array" + type: "object" + mutate: + description: "Mutation is used to modify matching resources." + properties: + foreach: + description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + items: + description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + properties: + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + foreach: + description: "Foreach declares a nested foreach iterator" + x-kubernetes-preserve-unknown-fields: true + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." + type: "string" + order: + description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." + enum: + - "Ascending" + - "Descending" + type: "string" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + targets: + description: "Targets defines the target resources to be mutated." + items: + description: "TargetResourceSpec defines targets for mutating existing resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + kind: + description: "Kind specifies resource kind." + type: "string" + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + type: "array" + type: "object" + name: + description: "Name is a label to identify the rule, It must be unique within the policy." + maxLength: 63 + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass." + items: + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "AnyIn" + - "AllIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" @@ -2660,6 +2945,7 @@ spec: description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: @@ -2902,45 +3188,189 @@ spec: - "google" - "github" type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." - items: + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + exclude: + description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + properties: + all: + description: "All allows specifying resources which will be ANDed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." type: "string" - type: "array" - type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" - type: "string" - required: - - "reference" - type: "object" - name: - description: "Name is the variable name." - type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" type: "object" - type: "object" - type: "array" - exclude: - description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." - properties: - all: - description: "All allows specifying resources which will be ANDed" + type: "array" + any: + description: "Any allows specifying resources which will be ORed" items: description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: @@ -3079,43 +3509,242 @@ spec: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + type: "array" + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + generate: + description: "Generation is used to create new resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." + properties: + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3147,288 +3776,230 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "object" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" + type: "array" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + description: "Kind specifies resource kind." + type: "string" + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" name: - description: "Name of the object being referenced." + description: "Name specifies the resource name." type: "string" namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." type: "string" - required: - - "kind" - - "name" type: "object" - x-kubernetes-map-type: "atomic" type: "array" - type: "object" - generate: - description: "Generation is used to create new resources." - properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - clone: - description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." - properties: - name: - description: "Name specifies name of the resource." - type: "string" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - type: "object" - cloneList: - description: "CloneList specifies the list of source resource used to populate each generated resource." - properties: - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - data: - description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." - x-kubernetes-preserve-unknown-fields: true generateExisting: description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" @@ -5516,9 +6087,10 @@ spec: description: "Deprecated. Use KeylessAttestor instead." type: "string" type: - description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." + description: "Type specifies the method of signature validation. The allowed options\nare Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml index 425db1d2a..627ff40ec 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml @@ -601,138 +601,36 @@ spec: data: description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." x-kubernetes-preserve-unknown-fields: true - generateExisting: - description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." - type: "boolean" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - orphanDownstreamOnPolicyDelete: - description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." - type: "boolean" - synchronize: - description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." - type: "boolean" - uid: - description: "UID specifies the resource uid." - type: "string" - type: "object" - imageExtractors: - additionalProperties: - items: - properties: - jmesPath: - description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." - type: "string" - key: - description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." - type: "string" - name: - description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." - type: "string" - path: - description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." - type: "string" - value: - description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." - type: "string" - required: - - "path" - type: "object" - type: "array" - description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." - type: "object" - match: - description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." - properties: - all: - description: "All allows specifying resources which will be ANDed" + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -765,237 +663,54 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." + context: + description: "Context defines variables and data sources that can be used during rule execution." items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" - items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" - properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" required: - - "key" - - "operator" + - "url" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - type: "object" - mutate: - description: "Mutation is used to modify matching resources." - properties: - foreach: - description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - items: - description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." - properties: - context: - description: "Context defines variables and data sources that can be used during rule execution." - items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." - properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." - type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." - type: "string" - required: - - "url" - type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." type: "string" type: "object" configMap: @@ -1074,23 +789,20 @@ spec: type: "object" type: "object" type: "array" - foreach: - description: "Foreach declares a nested foreach iterator" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." x-kubernetes-preserve-unknown-fields: true + kind: + description: "Kind specifies resource kind." + type: "string" list: description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" - order: - description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." - enum: - - "Ascending" - - "Descending" + name: + description: "Name specifies the resource name." type: "string" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + namespace: + description: "Namespace specifies resource namespace." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -1169,206 +881,779 @@ spec: type: "array" type: "object" x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" type: "object" type: "array" - mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + generateExisting: + description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" - patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." - x-kubernetes-preserve-unknown-fields: true - patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + kind: + description: "Kind specifies resource kind." type: "string" - targets: - description: "Targets defines the target resources to be mutated." + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + orphanDownstreamOnPolicyDelete: + description: "OrphanDownstreamOnPolicyDelete controls whether generated resources should be deleted when the rule that generated\nthem is deleted with synchronization enabled. This option is only applicable to generate rules of the data type.\nSee https://kyverno.io/docs/writing-policies/generate/#data-examples.\nDefaults to \"false\" if not specified." + type: "boolean" + synchronize: + description: "Synchronize controls if generated resources should be kept in-sync with their source resource.\nIf Synchronize is set to \"true\" changes to generated resources will be overwritten with resource\ndata from Data or the resource specified in the Clone declaration.\nOptional. Defaults to \"false\" if not specified." + type: "boolean" + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + imageExtractors: + additionalProperties: + items: + properties: + jmesPath: + description: "JMESPath is an optional JMESPath expression to apply to the image value.\nThis is useful when the extracted image begins with a prefix like 'docker://'.\nThe 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').\nNote - Image digest mutation may not be used when applying a JMESPAth to an image." + type: "string" + key: + description: "Key is an optional name of the field within 'path' that will be used to uniquely identify an image.\nNote - this field MUST be unique." + type: "string" + name: + description: "Name is the entry the image will be available under 'images.' in the context.\nIf this field is not defined, image entries will appear under 'images.custom'." + type: "string" + path: + description: "Path is the path to the object containing the image field in a custom resource.\nIt should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.\nWildcard keys are expanded in case of arrays or objects." + type: "string" + value: + description: "Value is an optional name of the field within 'path' that points to the image URI.\nThis is useful when a custom 'key' is also defined." + type: "string" + required: + - "path" + type: "object" + type: "array" + description: "ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.\nThis config is only valid for verifyImages rules." + type: "object" + match: + description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + properties: + all: + description: "All allows specifying resources which will be ANDed" items: - description: "TargetResourceSpec defines targets for mutating existing resources." + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - context: - description: "Context defines variables and data sources that can be used during rule execution." + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." items: - description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." - properties: - apiCall: - description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." - properties: - data: - description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." - items: - description: "RequestData contains the HTTP POST data" - properties: - key: - description: "Key is a unique identifier for the data value" - type: "string" - value: - description: "Value is the data value" - x-kubernetes-preserve-unknown-fields: true - required: - - "key" - - "value" - type: "object" - type: "array" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - method: - default: "GET" - description: "Method is the HTTP request type (GET or POST). Defaults to GET." - enum: - - "GET" - - "POST" - type: "string" - service: - description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - caBundle: - description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + key: + description: "key is the label key that the selector applies to." type: "string" - url: - description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" required: - - "url" + - "key" + - "operator" type: "object" - urlPath: - description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." - type: "string" - type: "object" - configMap: - description: "ConfigMap is the ConfigMap reference." - properties: - name: - description: "Name is the ConfigMap name." - type: "string" - namespace: - description: "Namespace is the ConfigMap namespace." - type: "string" - required: - - "name" - type: "object" - globalReference: - description: "GlobalContextEntryReference is a reference to a cached global context entry." - properties: - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." - type: "string" - name: - description: "Name of the global context entry" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - type: "object" - imageRegistry: - description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." - properties: - imageRegistryCredentials: - description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - allowInsecureRegistry: - description: "AllowInsecureRegistry allows insecure access to a registry." - type: "boolean" - providers: - description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." - items: - description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." - enum: - - "default" - - "amazon" - - "azure" - - "google" - - "github" - type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: type: "string" - required: - - "reference" - type: "object" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" name: - description: "Name is the variable name." + description: "Name of the object being referenced." type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true - type: "object" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" - kind: - description: "Kind specifies resource kind." - type: "string" - name: - description: "Name specifies the resource name." - type: "string" - namespace: - description: "Namespace specifies resource namespace." - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - x-kubernetes-preserve-unknown-fields: true - uid: - description: "UID specifies the resource uid." - type: "string" type: "object" type: "array" - type: "object" - name: - description: "Name is a label to identify the rule, It must be unique within the policy." - maxLength: 63 - type: "string" - preconditions: - description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" - properties: - all: - description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass." + any: + description: "Any allows specifying resources which will be ORed" items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - key: - description: "Key is the context entry (using JMESPath) for conditional rule evaluation." - x-kubernetes-preserve-unknown-fields: true - message: - description: "Message is an optional display message" - type: "string" - operator: - description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" - enum: - - "Equals" - - "NotEquals" - - "AnyIn" - - "AllIn" - - "AnyNotIn" - - "AllNotIn" - - "GreaterThanOrEquals" - - "GreaterThan" - - "LessThanOrEquals" - - "LessThan" - - "DurationGreaterThanOrEquals" - - "DurationGreaterThan" - - "DurationLessThanOrEquals" - - "DurationLessThan" - type: "string" - value: - description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + type: "array" + type: "object" + mutate: + description: "Mutation is used to modify matching resources." + properties: + foreach: + description: "ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + items: + description: "ForEachMutation applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." + properties: + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + foreach: + description: "Foreach declares a nested foreach iterator" + x-kubernetes-preserve-unknown-fields: true + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." + type: "string" + order: + description: "Order defines the iteration order on the list.\nCan be Ascending to iterate from first to last element or Descending to iterate in from last to first element." + enum: + - "Ascending" + - "Descending" + type: "string" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" + patchStrategicMerge: + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + x-kubernetes-preserve-unknown-fields: true + patchesJson6902: + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + type: "string" + targets: + description: "Targets defines the target resources to be mutated." + items: + description: "TargetResourceSpec defines targets for mutating existing resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." + properties: + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." + type: "string" + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." + type: "string" + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + kind: + description: "Kind specifies resource kind." + type: "string" + name: + description: "Name specifies the resource name." + type: "string" + namespace: + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." + type: "string" + type: "object" + type: "array" + type: "object" + name: + description: "Name is a label to identify the rule, It must be unique within the policy." + maxLength: 63 + type: "string" + preconditions: + description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass." + items: + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "AnyIn" + - "AllIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" @@ -2660,6 +2945,7 @@ spec: description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: @@ -2902,45 +3188,189 @@ spec: - "google" - "github" type: "string" - type: "array" - secrets: - description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." - items: + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." + items: + type: "string" + type: "array" + type: "object" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." + type: "string" + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" + type: "string" + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." + type: "string" + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + type: "array" + exclude: + description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + properties: + all: + description: "All allows specifying resources which will be ANDed" + items: + description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" + properties: + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." type: "string" - type: "array" - type: "object" - jmesPath: - description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." - type: "string" - reference: - description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" - type: "string" - required: - - "reference" - type: "object" - name: - description: "Name is the variable name." - type: "string" - variable: - description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." - properties: - default: - description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" - x-kubernetes-preserve-unknown-fields: true - jmesPath: - description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." - type: "string" - value: - description: "Value is any arbitrary JSON object representable in YAML or JSON form." - x-kubernetes-preserve-unknown-fields: true + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" type: "object" - type: "object" - type: "array" - exclude: - description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." - properties: - all: - description: "All allows specifying resources which will be ANDed" + type: "array" + any: + description: "Any allows specifying resources which will be ORed" items: description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: @@ -3079,43 +3509,242 @@ spec: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - any: - description: "Any allows specifying resources which will be ORed" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + type: "array" + clusterRoles: + description: "ClusterRoles is the list of cluster-wide role names for the user." + items: + type: "string" + type: "array" + resources: + description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + properties: + annotations: + additionalProperties: + type: "string" + description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." + type: "object" + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + name: + description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + type: "string" + names: + description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + namespaceSelector: + description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." + items: + type: "string" + type: "array" + operations: + description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." + items: + description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." + enum: + - "CREATE" + - "CONNECT" + - "UPDATE" + - "DELETE" + type: "string" + type: "array" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + roles: + description: "Roles is the list of namespaced role names for the user." + items: + type: "string" + type: "array" + subjects: + description: "Subjects is the list of subject names like users, user groups, and service accounts." + items: + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." + properties: + apiGroup: + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + type: "string" + kind: + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + type: "string" + name: + description: "Name of the object being referenced." + type: "string" + namespace: + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + type: "object" + generate: + description: "Generation is used to create new resources." + properties: + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." + properties: + kinds: + description: "Kinds is a list of resource kinds." + items: + type: "string" + type: "array" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true + foreach: + description: "ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: - description: "ResourceFilter allow users to \"AND\" or \"OR\" between resources" properties: - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified." + apiVersion: + description: "APIVersion specifies resource apiVersion." + type: "string" + clone: + description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." + properties: + name: + description: "Name specifies name of the resource." + type: "string" + namespace: + description: "Namespace specifies source resource namespace." + type: "string" + type: "object" + cloneList: + description: "CloneList specifies the list of source resource used to populate each generated resource." properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" kinds: description: "Kinds is a list of resource kinds." items: type: "string" type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." + namespace: + description: "Namespace specifies source resource namespace." type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." + selector: + description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3147,288 +3776,230 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "object" + context: + description: "Context defines variables and data sources that can be used during rule execution." + items: + description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + properties: + apiCall: + description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." + properties: + data: + description: "The data object specifies the POST data sent to the server.\nOnly applicable when the method field is set to POST." + items: + description: "RequestData contains the HTTP POST data" + properties: + key: + description: "Key is a unique identifier for the data value" + type: "string" + value: + description: "Value is the data value" + x-kubernetes-preserve-unknown-fields: true + required: + - "key" + - "value" + type: "object" + type: "array" + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + method: + default: "GET" + description: "Method is the HTTP request type (GET or POST). Defaults to GET." + enum: + - "GET" + - "POST" + type: "string" + service: + description: "Service is an API call to a JSON web service.\nThis is used for non-Kubernetes API server calls.\nIt's mutually exclusive with the URLPath field." properties: - key: - description: "key is the label key that the selector applies to." + caBundle: + description: "CABundle is a PEM encoded CA bundle which will be used to validate\nthe server certificate." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + url: + description: "URL is the JSON web service URL. A typical form is\n`https://{service}.{namespace}:{port}/{path}`." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + required: + - "url" + type: "object" + urlPath: + description: "URLPath is the URL path to be used in the HTTP GET or POST request to the\nKubernetes API server (e.g. \"/api/v1/namespaces\" or \"/apis/apps/v1/deployments\").\nThe format required is the same format used by the `kubectl get --raw` command.\nSee https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls\nfor details.\nIt's mutually exclusive with the Service field." + type: "string" + type: "object" + configMap: + description: "ConfigMap is the ConfigMap reference." + properties: + name: + description: "Name is the ConfigMap name." + type: "string" + namespace: + description: "Namespace is the ConfigMap namespace." + type: "string" + required: + - "name" + type: "object" + globalReference: + description: "GlobalContextEntryReference is a reference to a cached global context entry." + properties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." + type: "string" + name: + description: "Name of the global context entry" + type: "string" + type: "object" + imageRegistry: + description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." + properties: + imageRegistryCredentials: + description: "ImageRegistryCredentials provides credentials that will be used for authentication with registry" + properties: + allowInsecureRegistry: + description: "AllowInsecureRegistry allows insecure access to a registry." + type: "boolean" + providers: + description: "Providers specifies a list of OCI Registry names, whose authentication providers are provided.\nIt can be of one of these values: default,google,azure,amazon,github." + items: + description: "ImageRegistryCredentialsProvidersType provides the list of credential providers required." + enum: + - "default" + - "amazon" + - "azure" + - "google" + - "github" + type: "string" + type: "array" + secrets: + description: "Secrets specifies a list of secrets that are provided for credentials.\nSecrets must live in the Kyverno namespace." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: + jmesPath: + description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the ImageData struct returned as a result of processing\nthe image reference." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" - kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." - type: "string" - name: - description: "Name of the object being referenced." - type: "string" - namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - type: "object" - type: "array" - clusterRoles: - description: "ClusterRoles is the list of cluster-wide role names for the user." - items: - type: "string" - type: "array" - resources: - description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." - properties: - annotations: - additionalProperties: - type: "string" - description: "Annotations is a map of annotations (key-value pairs of type string). Annotation keys\nand values support the wildcard characters \"*\" (matches zero or many characters) and\n\"?\" (matches at least one character)." - type: "object" - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - name: - description: "Name is the name of the resource. The name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character).\nNOTE: \"Name\" is being deprecated in favor of \"Names\"." - type: "string" - names: - description: "Names are the names of the resources. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - namespaceSelector: - description: "NamespaceSelector is a label selector for the resource namespace. Label keys and values\nin `matchLabels` support the wildcard characters `*` (matches zero or many characters)\nand `?` (matches one character).Wildcards allows writing label selectors like\n[\"storage.k8s.io/*\": \"*\"]. Note that using [\"*\" : \"*\"] matches any key and value but\ndoes not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + reference: + description: "Reference is image reference to a container image in the registry.\nExample: ghcr.io/kyverno/kyverno:latest" type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "Namespaces is a list of namespaces names. Each name supports wildcard characters\n\"*\" (matches zero or many characters) and \"?\" (at least one character)." - items: - type: "string" - type: "array" - operations: - description: "Operations can contain values [\"CREATE, \"UPDATE\", \"CONNECT\", \"DELETE\"], which are used to match a specific action." - items: - description: "AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action." - enum: - - "CREATE" - - "CONNECT" - - "UPDATE" - - "DELETE" - type: "string" - type: "array" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels` support the wildcard\ncharacters `*` (matches zero or many characters) and `?` (matches one character).\nWildcards allows writing label selectors like [\"storage.k8s.io/*\": \"*\"]. Note that\nusing [\"*\" : \"*\"] matches any key and value but does not match an empty label set." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + required: + - "reference" + type: "object" + name: + description: "Name is the variable name." + type: "string" + variable: + description: "Variable defines an arbitrary JMESPath context variable that can be defined inline." + properties: + default: + description: "Default is an optional arbitrary JSON object that the variable may take if the JMESPath\nexpression evaluates to nil" + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: "JMESPath is an optional JMESPath Expression that can be used to\ntransform the variable." type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + value: + description: "Value is any arbitrary JSON object representable in YAML or JSON form." + x-kubernetes-preserve-unknown-fields: true + type: "object" type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - roles: - description: "Roles is the list of namespaced role names for the user." - items: - type: "string" - type: "array" - subjects: - description: "Subjects is the list of subject names like users, user groups, and service accounts." - items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." - properties: - apiGroup: - description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." - type: "string" + type: "array" + data: + description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." + x-kubernetes-preserve-unknown-fields: true kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." + description: "Kind specifies resource kind." + type: "string" + list: + description: "List specifies a JMESPath expression that results in one or more elements\nto which the validation logic is applied." type: "string" name: - description: "Name of the object being referenced." + description: "Name specifies the resource name." type: "string" namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." + description: "Namespace specifies resource namespace." + type: "string" + preconditions: + description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" + properties: + all: + description: "AllConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, all of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + any: + description: "AnyConditions enable variable-based conditional rule execution. This is useful for\nfiner control of when an rule is applied. A condition can reference object data\nusing JMESPath notation.\nHere, at least one of the conditions need to pass" + items: + description: "Condition defines variable-based conditional criteria for rule execution." + properties: + key: + description: "Key is the context entry (using JMESPath) for conditional rule evaluation." + x-kubernetes-preserve-unknown-fields: true + message: + description: "Message is an optional display message" + type: "string" + operator: + description: "Operator is the conditional operation to perform. Valid operators are:\nEquals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,\nGreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,\nDurationLessThanOrEquals, DurationLessThan" + enum: + - "Equals" + - "NotEquals" + - "In" + - "AnyIn" + - "AllIn" + - "NotIn" + - "AnyNotIn" + - "AllNotIn" + - "GreaterThanOrEquals" + - "GreaterThan" + - "LessThanOrEquals" + - "LessThan" + - "DurationGreaterThanOrEquals" + - "DurationGreaterThan" + - "DurationLessThanOrEquals" + - "DurationLessThan" + type: "string" + value: + description: "Value is the conditional value, or set of values. The values can be fixed set\nor can be variables declared using JMESPath." + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "array" + type: "object" + x-kubernetes-preserve-unknown-fields: true + uid: + description: "UID specifies the resource uid." type: "string" - required: - - "kind" - - "name" type: "object" - x-kubernetes-map-type: "atomic" type: "array" - type: "object" - generate: - description: "Generation is used to create new resources." - properties: - apiVersion: - description: "APIVersion specifies resource apiVersion." - type: "string" - clone: - description: "Clone specifies the source resource used to populate each generated resource.\nAt most one of Data or Clone can be specified. If neither are provided, the generated\nresource will be created with default data only." - properties: - name: - description: "Name specifies name of the resource." - type: "string" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - type: "object" - cloneList: - description: "CloneList specifies the list of source resource used to populate each generated resource." - properties: - kinds: - description: "Kinds is a list of resource kinds." - items: - type: "string" - type: "array" - namespace: - description: "Namespace specifies source resource namespace." - type: "string" - selector: - description: "Selector is a label selector. Label keys and values in `matchLabels`.\nwildcard characters are not supported." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - data: - description: "Data provides the resource declaration used to populate each generated resource.\nAt most one of Data or Clone must be specified. If neither are provided, the generated\nresource will be created with default data only." - x-kubernetes-preserve-unknown-fields: true generateExisting: description: "GenerateExisting controls whether to trigger the rule in existing resources\nIf is set to \"true\" the rule will be triggered and applied to existing matched resources." type: "boolean" @@ -5516,9 +6087,10 @@ spec: description: "Deprecated. Use KeylessAttestor instead." type: "string" type: - description: "Type specifies the method of signature validation. The allowed options\nare Cosign and Notary. By default Cosign is used if a type is not specified." + description: "Type specifies the method of signature validation. The allowed options\nare Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified." enum: - "Cosign" + - "SigstoreBundle" - "Notary" type: "string" useCache: diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml index 00f43d6b9..125666c4a 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "backups.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -227,13 +227,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -332,13 +332,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -436,13 +436,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -541,13 +541,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -629,7 +629,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -659,7 +659,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -720,7 +720,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -760,18 +760,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -813,13 +816,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -907,7 +913,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -946,7 +952,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1078,7 +1084,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -1098,7 +1104,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1127,7 +1133,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1144,7 +1150,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1164,7 +1170,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1190,7 +1196,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -1218,12 +1224,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -1269,7 +1277,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1293,7 +1301,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1333,7 +1341,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1354,7 +1362,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1442,10 +1450,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -1554,7 +1562,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -1571,7 +1579,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -1615,7 +1623,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1636,7 +1644,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -1683,7 +1691,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -1694,6 +1702,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -1704,7 +1722,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -1713,6 +1731,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -1733,7 +1752,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1808,12 +1827,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -1889,7 +1908,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1976,7 +1995,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -2032,12 +2051,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -2047,6 +2067,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -2057,11 +2078,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -2072,6 +2094,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -2088,7 +2111,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2096,6 +2119,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -2161,7 +2185,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2231,7 +2255,7 @@ spec: conditions: description: "Conditions for the Backup object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -2260,7 +2284,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml index dacb6b2d1..a1b9a8c45 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/connections.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "connections.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -67,7 +67,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -97,7 +97,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -129,7 +129,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -200,7 +200,7 @@ spec: conditions: description: "Conditions for the Connection object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -229,7 +229,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/databases.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/databases.yaml index 9963e0a41..6e677137a 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/databases.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/databases.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "databases.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -57,6 +57,12 @@ spec: default: "utf8" description: "CharacterSet to use in the Database." type: "string" + cleanupPolicy: + description: "CleanupPolicy defines the behavior for cleaning up a SQL resource." + enum: + - "Skip" + - "Delete" + type: "string" collate: default: "utf8_general_ci" description: "Collate to use in the Database." @@ -68,7 +74,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -110,7 +116,7 @@ spec: conditions: description: "Conditions for the Database object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -139,7 +145,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/grants.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/grants.yaml index 98415686d..c4dd6a249 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/grants.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/grants.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "grants.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -56,6 +56,12 @@ spec: spec: description: "GrantSpec defines the desired state of Grant" properties: + cleanupPolicy: + description: "CleanupPolicy defines the behavior for cleaning up a SQL resource." + enum: + - "Skip" + - "Delete" + type: "string" database: default: "*" description: "Database to use in the Grant." @@ -74,7 +80,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -127,7 +133,7 @@ spec: conditions: description: "Conditions for the Grant object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -156,7 +162,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml index c068e8aa0..27b718518 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "mariadbs.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -227,13 +227,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -332,13 +332,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -436,13 +436,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -541,13 +541,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -614,7 +614,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -804,13 +804,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -909,13 +909,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1013,13 +1013,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1118,13 +1118,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1201,13 +1201,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1246,7 +1249,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1275,7 +1278,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1292,7 +1295,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1312,7 +1315,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1342,7 +1345,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -1370,12 +1373,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -1421,7 +1426,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1445,7 +1450,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1485,7 +1490,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1506,7 +1511,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1594,10 +1599,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -1706,7 +1711,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -1723,7 +1728,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -1767,7 +1772,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1788,7 +1793,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -1835,7 +1840,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -1846,6 +1851,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -1856,7 +1871,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -1865,6 +1880,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -1885,7 +1901,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1960,12 +1976,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -2041,7 +2057,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -2128,7 +2144,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -2184,12 +2200,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -2199,6 +2216,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -2209,11 +2227,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -2224,6 +2243,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -2240,7 +2260,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2248,6 +2268,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -2313,7 +2334,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2350,7 +2371,7 @@ spec: type: "string" type: "array" connection: - description: "Connection defines templates to configure the general Connection object." + description: "Connection defines a template to configure the general Connection object.\nThis Connection provides the initial User access to the initial Database.\nIt will make use of the Service to route network traffic to all Pods." properties: healthCheck: description: "HealthCheck to be used in the Connection." @@ -2418,7 +2439,7 @@ spec: type: "string" type: "object" database: - description: "Database is the initial database to be created by the operator once MariaDB is ready." + description: "Database is the name of the initial Database." type: "string" env: description: "Env represents the environment variables to be injected in a container." @@ -2442,7 +2463,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2492,7 +2513,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2516,7 +2537,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2531,7 +2552,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2578,7 +2599,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2628,7 +2649,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2652,7 +2673,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2667,7 +2688,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2724,7 +2745,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2832,7 +2854,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2915,13 +2938,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2988,7 +3014,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -3027,7 +3053,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3067,7 +3093,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3208,7 +3234,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3259,7 +3285,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3309,7 +3335,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3333,7 +3359,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -3348,7 +3374,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3392,7 +3418,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3496,7 +3523,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3579,13 +3607,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3652,7 +3683,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -3691,7 +3722,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3731,7 +3762,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3933,13 +3964,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4038,13 +4069,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4142,13 +4173,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4247,13 +4278,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4330,13 +4361,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4418,13 +4452,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4493,7 +4530,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4549,7 +4586,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4599,7 +4636,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4623,7 +4660,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -4638,7 +4675,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -4682,7 +4719,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -4786,7 +4824,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -4869,13 +4908,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4942,7 +4984,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -4981,7 +5023,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -5021,7 +5063,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -5063,7 +5105,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -5171,7 +5214,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5199,7 +5242,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5229,7 +5272,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5257,7 +5300,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5285,7 +5328,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5313,7 +5356,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5465,7 +5508,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -5834,13 +5877,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5939,13 +5982,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -6043,13 +6086,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -6148,13 +6191,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -6240,7 +6283,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6290,7 +6333,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6314,7 +6357,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -6329,7 +6372,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -6355,7 +6398,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6397,7 +6440,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6447,7 +6490,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6471,7 +6514,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -6486,7 +6529,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -6530,7 +6573,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6634,7 +6678,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6717,13 +6762,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -6790,7 +6838,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -6829,7 +6877,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -6869,7 +6917,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -6911,7 +6959,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7025,7 +7074,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -7065,18 +7114,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -7143,7 +7195,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7226,13 +7279,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -7299,7 +7355,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -7338,7 +7394,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -7400,7 +7456,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7450,7 +7506,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7474,7 +7530,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -7489,7 +7545,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -7533,7 +7589,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7637,7 +7694,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7720,13 +7778,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -7793,7 +7854,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -7832,7 +7893,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -7872,7 +7933,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -7951,7 +8012,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -7961,14 +8022,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -8000,7 +8061,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -8022,7 +8083,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -8050,12 +8111,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -8101,7 +8164,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8125,7 +8188,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8165,7 +8228,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -8186,7 +8249,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8274,10 +8337,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -8386,7 +8449,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -8403,7 +8466,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -8447,7 +8510,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8468,7 +8531,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -8515,7 +8578,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -8526,6 +8589,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -8536,7 +8609,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -8545,6 +8618,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -8565,7 +8639,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8643,12 +8717,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -8724,7 +8798,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -8811,7 +8885,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -8867,12 +8941,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -8882,6 +8957,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -8892,11 +8968,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -8907,6 +8984,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -8923,7 +9001,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8931,6 +9009,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -8996,7 +9075,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -9125,6 +9204,8 @@ spec: default: false description: "Suspend indicates whether the current resource should be suspended or not.\nThis can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities." type: "boolean" + required: + - "port" type: "object" name: description: "Name is the identifier of the MaxScale service." @@ -9179,7 +9260,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -9390,13 +9471,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -9495,13 +9576,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -9599,13 +9680,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -9704,13 +9785,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -9796,7 +9877,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -9846,7 +9927,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -9870,7 +9951,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -9885,7 +9966,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -9911,7 +9992,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -9953,7 +10034,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -10003,7 +10084,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -10027,7 +10108,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -10042,7 +10123,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -10086,7 +10167,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -10190,7 +10272,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -10273,13 +10356,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -10346,7 +10432,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -10385,7 +10471,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -10425,7 +10511,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -10467,7 +10553,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -10581,7 +10668,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -10621,18 +10708,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -10699,7 +10789,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -10782,13 +10873,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -10855,7 +10949,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -10894,7 +10988,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -10956,7 +11050,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -11006,7 +11100,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -11030,7 +11124,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -11045,7 +11139,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -11089,7 +11183,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -11193,7 +11288,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -11276,13 +11372,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -11349,7 +11448,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -11388,7 +11487,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -11428,7 +11527,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -11507,7 +11606,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -11517,14 +11616,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -11556,7 +11655,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -11578,7 +11677,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -11606,12 +11705,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -11657,7 +11758,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -11681,7 +11782,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -11721,7 +11822,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -11742,7 +11843,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -11830,10 +11931,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -11942,7 +12043,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -11959,7 +12060,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -12003,7 +12104,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -12024,7 +12125,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -12071,7 +12172,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -12082,6 +12183,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -12092,7 +12203,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -12101,6 +12212,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -12121,7 +12233,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -12199,12 +12311,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -12280,7 +12392,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -12367,7 +12479,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -12423,12 +12535,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -12438,6 +12551,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -12448,11 +12562,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -12463,6 +12578,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -12479,7 +12595,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -12487,6 +12603,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -12552,7 +12669,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -12598,7 +12715,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -12638,7 +12755,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -12652,8 +12769,63 @@ spec: type: "string" description: "NodeSelector to be used in the Pod." type: "object" + passwordHashSecretKeyRef: + description: "PasswordHashSecretKeyRef is a reference to the password hash to be used by the initial User.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password hash." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + passwordPlugin: + description: "PasswordPlugin is a reference to the password plugin and arguments to be used by the initial User." + properties: + pluginArgSecretKeyRef: + description: "PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the authentication plugin arguments." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + pluginNameSecretKeyRef: + description: "PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the authentication plugin." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" passwordSecretKeyRef: - description: "PasswordSecretKeyRef is a reference to a Secret that contains the password for the initial user.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." + description: "PasswordSecretKeyRef is a reference to a Secret that contains the password to be used by the initial User.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: generate: default: false @@ -12664,7 +12836,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -12719,7 +12891,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -12759,18 +12931,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -12811,7 +12986,7 @@ spec: format: "int32" type: "integer" primaryConnection: - description: "PrimaryConnection defines templates to configure the primary Connection object." + description: "PrimaryConnection defines a template to configure the primary Connection object.\nThis Connection provides the initial User access to the initial Database.\nIt will make use of the PrimaryService to route network traffic to the primary Pod." properties: healthCheck: description: "HealthCheck to be used in the Connection." @@ -12879,7 +13054,7 @@ spec: type: "string" type: "object" primaryService: - description: "PrimaryService defines templates to configure the primary Service object." + description: "PrimaryService defines a template to configure the primary Service object.\nThe network traffic of this Service will be routed to the primary Pod." properties: allocateLoadBalancerNodePorts: description: "AllocateLoadBalancerNodePorts Service field." @@ -12949,7 +13124,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -13083,7 +13259,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -13110,13 +13286,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -13158,7 +13337,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -13168,7 +13347,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" secondaryConnection: - description: "SecondaryConnection defines templates to configure the secondary Connection object." + description: "SecondaryConnection defines a template to configure the secondary Connection object.\nThis Connection provides the initial User access to the initial Database.\nIt will make use of the SecondaryService to route network traffic to the secondary Pods." properties: healthCheck: description: "HealthCheck to be used in the Connection." @@ -13236,7 +13415,7 @@ spec: type: "string" type: "object" secondaryService: - description: "SecondaryService defines templates to configure the secondary Service object." + description: "SecondaryService defines a template to configure the secondary Service object.\nThe network traffic of this Service will be routed to the secondary Pods." properties: allocateLoadBalancerNodePorts: description: "AllocateLoadBalancerNodePorts Service field." @@ -13318,7 +13497,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -13357,7 +13536,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -13380,7 +13559,7 @@ spec: type: "object" type: "object" service: - description: "Service defines templates to configure the general Service object." + description: "Service defines a template to configure the general Service object.\nThe network traffic of this Service will be routed to all Pods." properties: allocateLoadBalancerNodePorts: description: "AllocateLoadBalancerNodePorts Service field." @@ -13462,7 +13641,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -13512,7 +13691,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -13536,7 +13715,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -13551,7 +13730,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -13595,7 +13774,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -13699,7 +13879,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -13782,13 +13963,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -13855,7 +14039,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -13894,7 +14078,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -13934,7 +14118,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -14088,7 +14272,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -14170,7 +14354,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -14180,14 +14364,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -14228,7 +14412,7 @@ spec: type: "string" type: "object" username: - description: "Username is the initial username to be created by the operator once MariaDB is ready. It has all privileges on the initial database." + description: "Username is the initial username to be created by the operator once MariaDB is ready. It has all privileges on the initial database.\nThe initial User will have ALL PRIVILEGES in the initial Database." type: "string" volumeMounts: description: "VolumeMounts to be used in the Container." @@ -14248,7 +14432,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -14270,7 +14454,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -14298,12 +14482,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -14349,7 +14535,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -14373,7 +14559,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -14413,7 +14599,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -14434,7 +14620,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -14522,10 +14708,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -14634,7 +14820,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -14651,7 +14837,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -14695,7 +14881,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -14716,7 +14902,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -14763,7 +14949,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -14774,6 +14960,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -14784,7 +14980,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -14793,6 +14989,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -14813,7 +15010,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -14891,12 +15088,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -14972,7 +15169,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -15059,7 +15256,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -15115,12 +15312,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -15130,6 +15328,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -15140,11 +15339,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -15155,6 +15355,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -15171,7 +15372,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -15179,6 +15380,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -15244,7 +15446,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -15287,7 +15489,7 @@ spec: conditions: description: "Conditions for the Mariadb object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -15316,7 +15518,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml index 15f63592e..76f200889 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/maxscales.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "maxscales.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -238,13 +238,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -343,13 +343,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -447,13 +447,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -552,13 +552,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -632,7 +632,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -660,7 +660,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -690,7 +690,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -718,7 +718,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -746,7 +746,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -774,7 +774,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -931,7 +931,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -1031,7 +1031,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1081,7 +1081,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1105,7 +1105,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1120,7 +1120,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1189,7 +1189,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1245,7 +1245,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1295,7 +1295,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1319,7 +1319,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1334,7 +1334,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1378,7 +1378,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1482,7 +1483,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1565,13 +1567,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1638,7 +1643,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1677,7 +1682,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1717,7 +1722,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1802,7 +1807,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1888,7 +1894,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -2103,13 +2109,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2208,13 +2214,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2312,13 +2318,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2417,13 +2423,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2509,7 +2515,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2559,7 +2565,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2583,7 +2589,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2598,7 +2604,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2624,7 +2630,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2666,7 +2672,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2716,7 +2722,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2740,7 +2746,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2755,7 +2761,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2799,7 +2805,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2903,7 +2910,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2986,13 +2994,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3059,7 +3070,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -3098,7 +3109,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3138,7 +3149,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3180,7 +3191,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3294,7 +3306,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -3334,18 +3346,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -3412,7 +3427,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3495,13 +3511,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3568,7 +3587,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -3607,7 +3626,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3669,7 +3688,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3719,7 +3738,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3743,7 +3762,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -3758,7 +3777,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3802,7 +3821,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3906,7 +3926,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3989,13 +4010,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4062,7 +4086,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -4101,7 +4125,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -4141,7 +4165,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -4220,7 +4244,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -4230,14 +4254,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -4269,7 +4293,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -4291,7 +4315,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -4319,12 +4343,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -4370,7 +4396,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4394,7 +4420,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4434,7 +4460,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4455,7 +4481,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4543,10 +4569,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -4655,7 +4681,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4672,7 +4698,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -4716,7 +4742,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4737,7 +4763,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -4784,7 +4810,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -4795,6 +4821,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -4805,7 +4841,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4814,6 +4850,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -4834,7 +4871,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4912,12 +4949,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4993,7 +5030,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -5080,7 +5117,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -5136,12 +5173,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -5151,6 +5189,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -5161,11 +5200,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -5176,6 +5216,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -5192,7 +5233,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5200,6 +5241,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -5265,7 +5307,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5395,7 +5437,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -5435,18 +5477,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -5509,7 +5554,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -5600,13 +5646,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -5673,7 +5722,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -5712,7 +5761,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -5795,6 +5844,8 @@ spec: default: false description: "Suspend indicates whether the current resource should be suspended or not.\nThis can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities." type: "boolean" + required: + - "port" type: "object" name: description: "Name is the identifier of the MaxScale service." @@ -5857,7 +5908,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5907,7 +5958,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5931,7 +5982,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -5946,7 +5997,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -5990,7 +6041,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6094,7 +6146,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6177,13 +6230,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -6250,7 +6306,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -6289,7 +6345,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -6329,7 +6385,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -6412,7 +6468,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -6422,14 +6478,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -6482,7 +6538,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -6504,7 +6560,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -6532,12 +6588,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -6583,7 +6641,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6607,7 +6665,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6647,7 +6705,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -6668,7 +6726,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6756,10 +6814,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -6868,7 +6926,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -6885,7 +6943,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -6929,7 +6987,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6950,7 +7008,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -6997,7 +7055,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -7008,6 +7066,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -7018,7 +7086,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -7027,6 +7095,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -7047,7 +7116,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -7125,12 +7194,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -7206,7 +7275,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -7293,7 +7362,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -7349,12 +7418,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -7364,6 +7434,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -7374,11 +7445,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -7389,6 +7461,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -7405,7 +7478,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -7413,6 +7486,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -7478,7 +7552,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -7518,7 +7592,7 @@ spec: conditions: description: "Conditions for the MaxScale object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -7547,7 +7621,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/restores.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/restores.yaml index 3233479e4..52b5f0faf 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/restores.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/restores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "restores.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -227,13 +227,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -332,13 +332,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -436,13 +436,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -541,13 +541,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -616,7 +616,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -630,7 +630,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -660,7 +660,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -718,7 +718,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -758,18 +758,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -811,13 +814,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -863,7 +869,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -892,7 +898,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -909,7 +915,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -929,7 +935,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -988,7 +994,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1027,7 +1033,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1086,7 +1092,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -1114,12 +1120,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -1165,7 +1173,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1189,7 +1197,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1229,7 +1237,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1250,7 +1258,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1338,10 +1346,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -1450,7 +1458,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -1467,7 +1475,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -1511,7 +1519,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1532,7 +1540,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -1579,7 +1587,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -1590,6 +1598,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -1600,7 +1618,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -1609,6 +1627,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -1629,7 +1648,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1704,12 +1723,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -1785,7 +1804,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1872,7 +1891,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -1928,12 +1947,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -1943,6 +1963,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -1953,11 +1974,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -1968,6 +1990,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -1984,7 +2007,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1992,6 +2015,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -2057,7 +2081,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2096,7 +2120,7 @@ spec: conditions: description: "Conditions for the Restore object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -2125,7 +2149,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml index 05a504733..73b6f4634 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "sqljobs.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -227,13 +227,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -332,13 +332,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -436,13 +436,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -541,13 +541,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -621,7 +621,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -637,7 +637,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -663,7 +663,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -699,7 +699,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -738,7 +738,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -778,18 +778,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -831,13 +834,16 @@ spec: description: "Resouces describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -925,7 +931,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -964,7 +970,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1000,7 +1006,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1052,7 +1058,7 @@ spec: conditions: description: "Conditions for the SqlJob object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -1081,7 +1087,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml index dbe094e6a..9c8c0d259 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/users.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "users.k8s.mariadb.com" spec: group: "k8s.mariadb.com" @@ -47,6 +47,12 @@ spec: spec: description: "UserSpec defines the desired state of User" properties: + cleanupPolicy: + description: "CleanupPolicy defines the behavior for cleaning up a SQL resource." + enum: + - "Skip" + - "Delete" + type: "string" host: description: "Host related to the User." maxLength: 255 @@ -58,7 +64,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -90,6 +96,61 @@ spec: description: "Name overrides the default name provided by metadata.name." maxLength: 80 type: "string" + passwordHashSecretKeyRef: + description: "PasswordHashSecretKeyRef is a reference to the password hash to be used by the User.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password hash." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + passwordPlugin: + description: "PasswordPlugin is a reference to the password plugin and arguments to be used by the User." + properties: + pluginArgSecretKeyRef: + description: "PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the authentication plugin arguments." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + pluginNameSecretKeyRef: + description: "PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the authentication plugin." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" passwordSecretKeyRef: description: "PasswordSecretKeyRef is a reference to the password to be used by the User.\nIf not provided, the account will be locked and the password will expire.\nIf the referred Secret is labeled with \"k8s.mariadb.com/watch\", updates may be performed to the Secret in order to update the password." properties: @@ -98,7 +159,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -122,7 +183,7 @@ spec: conditions: description: "Conditions for the User object." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -151,7 +212,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assign.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assign.yaml index d89516559..edd28e7d8 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assign.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assign.yaml @@ -102,11 +102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -137,11 +139,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assignmetadata.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assignmetadata.yaml index 8eb009e25..a5eb248fd 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assignmetadata.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/assignmetadata.yaml @@ -82,11 +82,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -117,11 +119,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/modifyset.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/modifyset.yaml index b8a9d43f0..014d639dd 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/modifyset.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1/modifyset.yaml @@ -102,11 +102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -137,11 +139,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assign.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assign.yaml index 58791a267..b5af16488 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assign.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assign.yaml @@ -98,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -133,11 +135,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignimage.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignimage.yaml index a91da12fc..88e2fe416 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignimage.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignimage.yaml @@ -102,11 +102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -137,11 +139,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignmetadata.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignmetadata.yaml index ee19841c9..517bf8d95 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignmetadata.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/assignmetadata.yaml @@ -78,11 +78,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -113,11 +115,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/modifyset.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/modifyset.yaml index 6e712e8b9..ae9c20884 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/modifyset.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1alpha1/modifyset.yaml @@ -98,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -133,11 +135,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assign.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assign.yaml index ca919fc47..cda62f19a 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assign.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assign.yaml @@ -98,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -133,11 +135,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assignmetadata.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assignmetadata.yaml index 8fb87c3b9..ddbf21776 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assignmetadata.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/assignmetadata.yaml @@ -78,11 +78,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -113,11 +115,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/modifyset.yaml b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/modifyset.yaml index 10fec1824..34507c046 100644 --- a/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/modifyset.yaml +++ b/crd-catalog/open-policy-agent/gatekeeper/mutations.gatekeeper.sh/v1beta1/modifyset.yaml @@ -98,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -133,11 +135,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml index 9e920d2fb..cf3d97642 100644 --- a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml +++ b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "instrumentations.opentelemetry.io" spec: group: "opentelemetry.io" @@ -186,6 +186,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -296,6 +298,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -475,6 +479,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -595,6 +601,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -771,6 +779,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -879,6 +889,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -1000,6 +1012,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opampbridges.yaml b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opampbridges.yaml index ccaf952a5..6442c20db 100644 --- a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opampbridges.yaml +++ b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opampbridges.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "opampbridges.opentelemetry.io" spec: group: "opentelemetry.io" @@ -675,6 +675,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -739,6 +741,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -961,10 +965,12 @@ spec: diskURI: type: "string" fsType: + default: "ext4" type: "string" kind: type: "string" readOnly: + default: false type: "boolean" required: - "diskName" @@ -1341,6 +1347,13 @@ spec: required: - "path" type: "object" + image: + properties: + pullPolicy: + type: "string" + reference: + type: "string" + type: "object" iscsi: properties: chapAuthDiscovery: @@ -1354,6 +1367,7 @@ spec: iqn: type: "string" iscsiInterface: + default: "default" type: "string" lun: format: "int32" @@ -1602,6 +1616,7 @@ spec: image: type: "string" keyring: + default: "/etc/ceph/keyring" type: "string" monitors: items: @@ -1609,6 +1624,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" type: "string" readOnly: type: "boolean" @@ -1620,6 +1636,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" type: "string" required: - "image" @@ -1628,6 +1645,7 @@ spec: scaleIO: properties: fsType: + default: "xfs" type: "string" gateway: type: "string" @@ -1645,6 +1663,7 @@ spec: sslEnabled: type: "boolean" storageMode: + default: "ThinProvisioned" type: "string" storagePool: type: "string" diff --git a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml index f6316a283..43cf7b87c 100644 --- a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml +++ b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "opentelemetrycollectors.opentelemetry.io" spec: group: "opentelemetry.io" @@ -306,6 +306,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -412,6 +413,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -493,6 +495,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -610,6 +614,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1736,6 +1741,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1842,6 +1848,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1923,6 +1930,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -2040,6 +2049,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2401,6 +2411,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -2467,6 +2479,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -3165,6 +3179,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -3217,6 +3233,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -3715,10 +3733,12 @@ spec: diskURI: type: "string" fsType: + default: "ext4" type: "string" kind: type: "string" readOnly: + default: false type: "boolean" required: - "diskName" @@ -4095,6 +4115,13 @@ spec: required: - "path" type: "object" + image: + properties: + pullPolicy: + type: "string" + reference: + type: "string" + type: "object" iscsi: properties: chapAuthDiscovery: @@ -4108,6 +4135,7 @@ spec: iqn: type: "string" iscsiInterface: + default: "default" type: "string" lun: format: "int32" @@ -4356,6 +4384,7 @@ spec: image: type: "string" keyring: + default: "/etc/ceph/keyring" type: "string" monitors: items: @@ -4363,6 +4392,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" type: "string" readOnly: type: "boolean" @@ -4374,6 +4404,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" type: "string" required: - "image" @@ -4382,6 +4413,7 @@ spec: scaleIO: properties: fsType: + default: "xfs" type: "string" gateway: type: "string" @@ -4399,6 +4431,7 @@ spec: sslEnabled: type: "boolean" storageMode: + default: "ThinProvisioned" type: "string" storagePool: type: "string" @@ -4473,6 +4506,9 @@ spec: type: "object" type: "array" x-kubernetes-list-type: "atomic" + required: + - "config" + - "managementState" type: "object" status: properties: diff --git a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1beta1/opentelemetrycollectors.yaml b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1beta1/opentelemetrycollectors.yaml index 656602443..7142af9de 100644 --- a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1beta1/opentelemetrycollectors.yaml +++ b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1beta1/opentelemetrycollectors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "opentelemetrycollectors.opentelemetry.io" spec: group: "opentelemetry.io" @@ -304,6 +304,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -410,6 +411,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -491,6 +493,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -608,6 +612,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1810,6 +1815,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1916,6 +1922,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1997,6 +2004,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -2114,6 +2123,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2499,6 +2509,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -2586,6 +2598,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -3287,6 +3301,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -3383,6 +3399,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -3863,10 +3881,12 @@ spec: diskURI: type: "string" fsType: + default: "ext4" type: "string" kind: type: "string" readOnly: + default: false type: "boolean" required: - "diskName" @@ -4243,6 +4263,13 @@ spec: required: - "path" type: "object" + image: + properties: + pullPolicy: + type: "string" + reference: + type: "string" + type: "object" iscsi: properties: chapAuthDiscovery: @@ -4256,6 +4283,7 @@ spec: iqn: type: "string" iscsiInterface: + default: "default" type: "string" lun: format: "int32" @@ -4504,6 +4532,7 @@ spec: image: type: "string" keyring: + default: "/etc/ceph/keyring" type: "string" monitors: items: @@ -4511,6 +4540,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" type: "string" readOnly: type: "boolean" @@ -4522,6 +4552,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" type: "string" required: - "image" @@ -4530,6 +4561,7 @@ spec: scaleIO: properties: fsType: + default: "xfs" type: "string" gateway: type: "string" @@ -4547,6 +4579,7 @@ spec: sslEnabled: type: "boolean" storageMode: + default: "ThinProvisioned" type: "string" storagePool: type: "string" @@ -4623,6 +4656,7 @@ spec: x-kubernetes-list-type: "atomic" required: - "config" + - "managementState" type: "object" status: properties: diff --git a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlbackups.yaml b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlbackups.yaml index 40625f2c6..5a531a4d9 100644 --- a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlbackups.yaml +++ b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlbackups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "perconaservermysqlbackups.ps.percona.com" spec: group: "ps.percona.com" @@ -672,6 +672,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -706,6 +708,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlrestores.yaml b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlrestores.yaml index 86fb7c299..935510d4b 100644 --- a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlrestores.yaml +++ b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqlrestores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "perconaservermysqlrestores.ps.percona.com" spec: group: "ps.percona.com" @@ -656,6 +656,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -690,6 +692,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml index 73af2d053..d3c9c679d 100644 --- a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml +++ b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "perconaservermysqls.ps.percona.com" spec: group: "ps.percona.com" @@ -810,6 +810,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -925,6 +926,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -974,6 +977,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1042,6 +1046,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -1097,6 +1103,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1377,6 +1384,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -1412,6 +1421,10 @@ spec: type: "string" storageName: type: "string" + required: + - "name" + - "schedule" + - "storageName" type: "object" type: "array" serviceAccountName: @@ -2024,6 +2037,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -2058,6 +2073,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -2993,6 +3010,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3108,6 +3126,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -3154,6 +3174,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3222,6 +3243,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -3376,10 +3399,12 @@ spec: diskURI: type: "string" fsType: + default: "ext4" type: "string" kind: type: "string" readOnly: + default: false type: "boolean" required: - "diskName" @@ -3739,6 +3764,13 @@ spec: required: - "path" type: "object" + image: + properties: + pullPolicy: + type: "string" + reference: + type: "string" + type: "object" iscsi: properties: chapAuthDiscovery: @@ -3752,6 +3784,7 @@ spec: iqn: type: "string" iscsiInterface: + default: "default" type: "string" lun: format: "int32" @@ -4000,6 +4033,7 @@ spec: image: type: "string" keyring: + default: "/etc/ceph/keyring" type: "string" monitors: items: @@ -4007,6 +4041,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" type: "string" readOnly: type: "boolean" @@ -4018,6 +4053,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" type: "string" required: - "image" @@ -4026,6 +4062,7 @@ spec: scaleIO: properties: fsType: + default: "xfs" type: "string" gateway: type: "string" @@ -4043,6 +4080,7 @@ spec: sslEnabled: type: "boolean" storageMode: + default: "ThinProvisioned" type: "string" storagePool: type: "string" @@ -4370,6 +4408,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4476,6 +4515,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4557,6 +4597,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -4674,6 +4716,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4813,6 +4856,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -5739,6 +5783,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -5854,6 +5899,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -5900,6 +5947,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -5968,6 +6016,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -6020,6 +6070,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6354,6 +6405,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -7070,6 +7123,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -7185,6 +7239,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -7231,6 +7287,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -7299,6 +7356,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -7351,6 +7410,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -8277,6 +8337,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -8392,6 +8453,8 @@ spec: type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + type: "string" sysctls: items: properties: @@ -8438,6 +8501,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -8506,6 +8570,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -8558,6 +8624,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -9023,6 +9090,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -9103,6 +9171,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -9171,6 +9240,8 @@ spec: properties: name: type: "string" + request: + type: "string" required: - "name" type: "object" @@ -9214,6 +9285,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/bgpfilters.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/bgpfilters.yaml index 3d66e89a8..abb464d65 100644 --- a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/bgpfilters.yaml +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/bgpfilters.yaml @@ -41,6 +41,19 @@ spec: type: "string" matchOperator: type: "string" + prefixLength: + properties: + max: + format: "int32" + maximum: 32.0 + minimum: 0.0 + type: "integer" + min: + format: "int32" + maximum: 32.0 + minimum: 0.0 + type: "integer" + type: "object" source: type: "string" required: @@ -60,6 +73,19 @@ spec: type: "string" matchOperator: type: "string" + prefixLength: + properties: + max: + format: "int32" + maximum: 128.0 + minimum: 0.0 + type: "integer" + min: + format: "int32" + maximum: 128.0 + minimum: 0.0 + type: "integer" + type: "object" source: type: "string" required: @@ -79,6 +105,19 @@ spec: type: "string" matchOperator: type: "string" + prefixLength: + properties: + max: + format: "int32" + maximum: 32.0 + minimum: 0.0 + type: "integer" + min: + format: "int32" + maximum: 32.0 + minimum: 0.0 + type: "integer" + type: "object" source: type: "string" required: @@ -98,6 +137,19 @@ spec: type: "string" matchOperator: type: "string" + prefixLength: + properties: + max: + format: "int32" + maximum: 128.0 + minimum: 0.0 + type: "integer" + min: + format: "int32" + maximum: 128.0 + minimum: 0.0 + type: "integer" + type: "object" source: type: "string" required: diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/globalnetworkpolicies.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/globalnetworkpolicies.yaml index a218d0979..94df5ad53 100644 --- a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/globalnetworkpolicies.yaml +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/globalnetworkpolicies.yaml @@ -442,7 +442,7 @@ spec: description: "NamespaceSelector is an optional field for an expression used to select a pod based on namespaces." type: "string" order: - description: "Order is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\"." + description: "Order is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order within the same tier. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\" within the tier." type: "number" performanceHints: description: "PerformanceHints contains a list of hints to Calico's policy engine to help process the policy more efficiently. Hints never change the enforcement behaviour of the policy. \n Currently, the only available hint is \"AssumeNeededOnEveryNode\". When that hint is set on a policy, Felix will act as if the policy matches a local endpoint even if it does not. This is useful for \"preloading\" any large static policies that are known to be used on every node. If the policy is _not_ used on a particular node then the work done to preload the policy (and to maintain it) is wasted." @@ -458,6 +458,9 @@ spec: serviceAccountSelector: description: "ServiceAccountSelector is an optional field for an expression used to select a pod based on service accounts." type: "string" + tier: + description: "The name of the tier that this policy belongs to. If this is omitted, the default tier (name is \"default\") is assumed. The specified tier must exist in order to create security policies within the tier, the \"default\" tier is created automatically if it does not exist, this means for deployments requiring only a single Tier, the tier name may be omitted on all policy management requests." + type: "string" types: description: "Types indicates whether this policy applies to ingress, or to egress, or to both. When not explicitly specified (and so the value on creation is empty or nil), Calico defaults Types according to what Ingress and Egress rules are present in the policy. The default is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are also no Ingress rules) \n - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules. \n When the policy is read back again, Types will always be one of these values, never empty or nil." items: diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/networkpolicies.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/networkpolicies.yaml index 078823441..f2a3ef177 100644 --- a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/networkpolicies.yaml +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/networkpolicies.yaml @@ -433,7 +433,7 @@ spec: type: "object" type: "array" order: - description: "Order is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\"." + description: "Order is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order within the same tier. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\" within the tier." type: "number" performanceHints: description: "PerformanceHints contains a list of hints to Calico's policy engine to help process the policy more efficiently. Hints never change the enforcement behaviour of the policy. \n Currently, the only available hint is \"AssumeNeededOnEveryNode\". When that hint is set on a policy, Felix will act as if the policy matches a local endpoint even if it does not. This is useful for \"preloading\" any large static policies that are known to be used on every node. If the policy is _not_ used on a particular node then the work done to preload the policy (and to maintain it) is wasted." @@ -446,6 +446,9 @@ spec: serviceAccountSelector: description: "ServiceAccountSelector is an optional field for an expression used to select a pod based on service accounts." type: "string" + tier: + description: "The name of the tier that this policy belongs to. If this is omitted, the default tier (name is \"default\") is assumed. The specified tier must exist in order to create security policies within the tier, the \"default\" tier is created automatically if it does not exist, this means for deployments requiring only a single Tier, the tier name may be omitted on all policy management requests." + type: "string" types: description: "Types indicates whether this policy applies to ingress, or to egress, or to both. When not explicitly specified (and so the value on creation is empty or nil), Calico defaults Types according to what Ingress and Egress are present in the policy. The default is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are also no Ingress rules) \n - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules. \n When the policy is read back again, Types will always be one of these values, never empty or nil." items: diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/tiers.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/tiers.yaml new file mode 100644 index 000000000..1f3c5732f --- /dev/null +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/tiers.yaml @@ -0,0 +1,43 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "(devel)" + name: "tiers.crd.projectcalico.org" +spec: + group: "crd.projectcalico.org" + names: + kind: "Tier" + listKind: "TierList" + plural: "tiers" + singular: "tier" + scope: "Cluster" + versions: + - name: "v1" + schema: + openAPIV3Schema: + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "TierSpec contains the specification for a security policy tier resource." + properties: + order: + description: "Order is an optional field that specifies the order in which the tier is applied. Tiers with higher \"order\" are applied after those with lower order. If the order is omitted, it may be considered to be \"infinite\" - i.e. the tier will be applied last. Tiers with identical order will be applied in alphanumerical order based on the Tier \"Name\"." + type: "number" + type: "object" + type: "object" + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml index 36dd59358..126a8ef0f 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "alertmanagers.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -47,7 +47,7 @@ spec: name: "v1" schema: openAPIV3Schema: - description: "The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.\n\n\nFor each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.\n\n\nThe resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances." + description: "The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.\n\nFor each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.\n\nThe resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -245,13 +245,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -350,13 +350,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -454,13 +454,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -559,13 +559,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -624,7 +624,7 @@ spec: properties: type: default: "OnNamespace" - description: "AlertmanagerConfigMatcherStrategyType defines the strategy used by\nAlertmanagerConfig objects to match alerts in the routes and inhibition\nrules.\n\n\nThe default value is `OnNamespace`." + description: "AlertmanagerConfigMatcherStrategyType defines the strategy used by\nAlertmanagerConfig objects to match alerts in the routes and inhibition\nrules.\n\nThe default value is `OnNamespace`." enum: - "OnNamespace" - "None" @@ -697,7 +697,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" alertmanagerConfiguration: - description: "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\n\nIf defined, it takes precedence over the `configSecret` field.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\nIf defined, it takes precedence over the `configSecret` field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." properties: global: description: "Defines the global parameters of the Alertmanager configuration." @@ -716,7 +716,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -726,7 +726,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -740,7 +740,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -757,7 +757,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -775,7 +775,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -801,7 +801,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -818,7 +818,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -836,7 +836,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -851,7 +851,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -863,7 +863,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -873,11 +873,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -902,7 +902,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -919,7 +919,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -940,7 +940,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -957,7 +957,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -978,7 +978,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -988,7 +988,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -996,7 +996,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1033,7 +1033,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1050,7 +1050,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1071,7 +1071,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1088,7 +1088,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1109,7 +1109,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1119,7 +1119,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1127,7 +1127,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1147,7 +1147,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1164,7 +1164,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1188,7 +1188,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1211,7 +1211,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1228,7 +1228,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1283,7 +1283,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1300,7 +1300,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1342,7 +1342,7 @@ spec: type: "string" type: "array" configSecret: - description: "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications)." + description: "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications)." type: "string" containers: description: "Containers allows injecting additional containers. This is meant to\nallow adding an authentication proxy to an Alertmanager pod.\nContainers described here modify an operator generated container if they\nshare the same name and modifications are done via a strategic merge\npatch. The current container names are: `alertmanager` and\n`config-reloader`. Overriding containers is entirely outside the scope\nof what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice." @@ -1383,7 +1383,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1433,7 +1433,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1460,7 +1460,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1475,7 +1475,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1674,7 +1674,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1812,7 +1813,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1912,13 +1914,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1988,7 +1993,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2027,7 +2032,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2074,7 +2079,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2205,7 +2211,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2229,7 +2235,7 @@ spec: type: "object" type: "array" enableFeatures: - description: "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nIt requires Alertmanager >= 0.27.0." + description: "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nIt requires Alertmanager >= 0.27.0." items: type: "string" type: "array" @@ -2278,7 +2284,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2322,7 +2328,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2372,7 +2378,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2399,7 +2405,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2414,7 +2420,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2613,7 +2619,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2751,7 +2758,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2851,13 +2859,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2927,7 +2938,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2966,7 +2977,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3013,7 +3024,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3144,7 +3156,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3199,7 +3211,7 @@ spec: description: "If set to true all actions on the underlying managed objects are not\ngoint to be performed, except for delete actions." type: "boolean" podMetadata: - description: "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\"." + description: "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\"." properties: annotations: additionalProperties: @@ -3230,13 +3242,16 @@ spec: description: "Define resources requests and limits for single Pods." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3292,7 +3307,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -3332,18 +3347,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -3408,7 +3426,7 @@ spec: description: "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes" properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -3517,7 +3535,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3660,7 +3678,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3682,7 +3700,7 @@ spec: additionalProperties: description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: @@ -3692,7 +3710,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -3725,7 +3743,7 @@ spec: status: type: "string" type: - description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + description: "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"" type: "string" required: - "status" @@ -3736,10 +3754,10 @@ spec: - "type" x-kubernetes-list-type: "map" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." properties: status: description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." @@ -3821,7 +3839,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -3831,14 +3849,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3873,7 +3891,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3895,7 +3913,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -3923,12 +3941,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3974,7 +3994,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3998,7 +4018,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4038,7 +4058,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4059,7 +4079,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4147,10 +4167,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -4259,7 +4279,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4276,7 +4296,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -4320,7 +4340,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4341,7 +4361,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -4388,7 +4408,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -4399,6 +4419,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -4409,7 +4439,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4418,6 +4448,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -4438,7 +4469,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4516,12 +4547,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4597,7 +4628,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4684,7 +4715,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4740,12 +4771,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4755,6 +4787,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -4765,11 +4798,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4780,6 +4814,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -4796,7 +4831,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4804,6 +4839,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -4869,7 +4905,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4960,7 +4996,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4977,7 +5013,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5006,7 +5042,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5023,7 +5059,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5046,7 +5082,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml index f8659cf7e..640be3ad6 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "podmonitors.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -20,7 +20,7 @@ spec: - name: "v1" schema: openAPIV3Schema: - description: "The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.\nAmong other things, it allows to specify:\n* The pods to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n\n`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors." + description: "The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.\nAmong other things, it allows to specify:\n* The pods to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -34,33 +34,33 @@ spec: description: "Specification of desired Pod selection for target discovery by Prometheus." properties: attachMetadata: - description: "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\n\nIt requires Prometheus >= v2.35.0." + description: "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.35.0." properties: node: - description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." + description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." type: "boolean" type: "object" bodySizeLimit: - description: "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\n\nIt requires Prometheus >= v2.28.0." + description: "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" jobLabel: - description: "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`)." + description: "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`)." type: "string" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" namespaceSelector: @@ -81,7 +81,7 @@ spec: description: "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus." properties: authorization: - description: "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." + description: "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -91,7 +91,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -101,11 +101,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`." + description: "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -115,7 +115,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -132,7 +132,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -143,14 +143,14 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenSecret: - description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\n\nDeprecated: use `authorization` instead." + description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -163,7 +163,7 @@ spec: description: "`enableHttp2` can be used to disable HTTP2 when scraping the target." type: "boolean" filterRunning: - description: "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\n\nIf unset, the filtering is enabled.\n\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" + description: "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" type: "boolean" followRedirects: description: "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects." @@ -175,17 +175,17 @@ spec: description: "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target." type: "boolean" interval: - description: "Interval at which Prometheus scrapes the metrics from the target.\n\n\nIf empty, Prometheus uses the global scrape interval." + description: "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" metricRelabelings: description: "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -211,14 +211,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -231,12 +231,12 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" oauth2: - description: "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\n\nIt requires Prometheus >= 2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`." + description: "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -249,7 +249,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -266,7 +266,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -284,7 +284,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -299,7 +299,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -311,7 +311,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -321,11 +321,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -350,7 +350,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -367,7 +367,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -388,7 +388,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -405,7 +405,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -426,7 +426,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -436,7 +436,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -444,7 +444,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -472,22 +472,22 @@ spec: description: "`params` define optional HTTP URL parameters." type: "object" path: - description: "HTTP path from which to scrape for metrics.\n\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." + description: "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." type: "string" port: - description: "Name of the Pod port which this endpoint refers to.\n\n\nIt takes precedence over `targetPort`." + description: "Name of the Pod port which this endpoint refers to.\n\nIt takes precedence over `targetPort`." type: "string" proxyUrl: description: "`proxyURL` configures the HTTP Proxy URL (e.g.\n\"http://proxyserver:2195\") to go through when scraping the target." type: "string" relabelings: - description: "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -513,14 +513,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -533,25 +533,25 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" scheme: - description: "HTTP scheme to use for scraping.\n\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\n\nIf empty, Prometheus uses the default value `http`." + description: "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`." enum: - "http" - "https" type: "string" scrapeTimeout: - description: "Timeout after which Prometheus considers the scrape to be failed.\n\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used." + description: "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" targetPort: anyOf: - type: "integer" - type: "string" - description: "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\n\nDeprecated: use 'port' instead." + description: "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\nDeprecated: use 'port' instead." x-kubernetes-int-or-string: true tlsConfig: description: "TLS configuration to use when scraping the target." @@ -567,7 +567,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -584,7 +584,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -605,7 +605,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -622,7 +622,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -643,7 +643,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -653,7 +653,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -661,7 +661,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -673,7 +673,7 @@ spec: type: "string" type: "object" trackTimestampsStaleness: - description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\n\nIt requires Prometheus >= v2.48.0." + description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0." type: "boolean" type: "object" type: "array" @@ -691,7 +691,7 @@ spec: minLength: 1 type: "string" scrapeProtocols: - description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." + description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml index 527ba997c..6361cfe62 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "probes.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -20,7 +20,7 @@ spec: - name: "v1" schema: openAPIV3Schema: - description: "The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).\n\n\nThe `Probe` resource needs 2 pieces of information:\n* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.\n* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.\n\n\n`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors." + description: "The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).\n\nThe `Probe` resource needs 2 pieces of information:\n* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.\n* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.\n\n`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -44,7 +44,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -54,7 +54,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -68,7 +68,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -85,7 +85,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -103,7 +103,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -120,7 +120,7 @@ spec: description: "The job name assigned to scraped metrics by default." type: "string" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" labelLimit: @@ -138,11 +138,11 @@ spec: metricRelabelings: description: "MetricRelabelConfigs to apply to samples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -168,14 +168,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -188,7 +188,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -209,7 +209,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -226,7 +226,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -244,7 +244,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -259,7 +259,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -271,7 +271,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -281,11 +281,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -310,7 +310,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -327,7 +327,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -348,7 +348,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -365,7 +365,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -386,7 +386,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -396,7 +396,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -404,7 +404,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -455,7 +455,7 @@ spec: minLength: 1 type: "string" scrapeProtocols: - description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." + description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: @@ -495,11 +495,11 @@ spec: relabelingConfigs: description: "RelabelConfigs to apply to the label set of the target before it gets\nscraped.\nThe original ingress address is available via the\n`__tmp_prometheus_ingress_address` label. It can be used to customize the\nprobed URL.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -525,14 +525,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -545,7 +545,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -594,11 +594,11 @@ spec: relabelingConfigs: description: "RelabelConfigs to apply to the label set of the targets before it gets\nscraped.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -624,14 +624,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -644,7 +644,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -669,7 +669,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -686,7 +686,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -707,7 +707,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -724,7 +724,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -745,7 +745,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -755,7 +755,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -763,7 +763,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml index 94e62a1e0..cf092dafa 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "prometheuses.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -47,7 +47,7 @@ spec: name: "v1" schema: openAPIV3Schema: - description: "The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.\n\n\nFor each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.\n\n\nThe resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.\n\n\nThe Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed." + description: "The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.\n\nFor each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.\n\nThe resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.\n\nThe Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -61,14 +61,14 @@ spec: description: "Specification of the desired behavior of the Prometheus cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: additionalAlertManagerConfigs: - description: "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\n\nThe user is responsible for making sure that the configurations are valid\n\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade." + description: "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -78,14 +78,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" additionalAlertRelabelConfigs: - description: "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\n\nThe user is responsible for making sure that the configurations are valid\n\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade." + description: "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -95,7 +95,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" additionalArgs: - description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged." + description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged." items: description: "Argument as part of the AdditionalArgs list." properties: @@ -118,7 +118,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -307,13 +307,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -412,13 +412,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -516,13 +516,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -621,13 +621,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -692,11 +692,11 @@ spec: alertRelabelings: description: "Relabeling configs applied before sending alerts to a specific Alertmanager.\nIt requires Prometheus >= v2.51.0." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -722,14 +722,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -742,7 +742,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -750,7 +750,7 @@ spec: description: "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"v1\" or \"v2\"." type: "string" authorization: - description: "Authorization section for Alertmanager.\n\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`." + description: "Authorization section for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -760,7 +760,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -770,11 +770,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth configuration for Alertmanager.\n\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`." + description: "BasicAuth configuration for Alertmanager.\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -784,7 +784,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -801,7 +801,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -812,7 +812,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenFile: - description: "File to read bearer token for Alertmanager.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File to read bearer token for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" enableHttp2: description: "Whether to enable HTTP2." @@ -822,7 +822,7 @@ spec: minLength: 1 type: "string" namespace: - description: "Namespace of the Endpoints object.\n\n\nIf not set, the object will be discovered in the namespace of the\nPrometheus object." + description: "Namespace of the Endpoints object.\n\nIf not set, the object will be discovered in the namespace of the\nPrometheus object." minLength: 1 type: "string" pathPrefix: @@ -837,11 +837,11 @@ spec: relabelings: description: "Relabel configuration applied to the discovered Alertmanagers." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -867,14 +867,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -887,7 +887,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -895,7 +895,7 @@ spec: description: "Scheme to use when firing alerts." type: "string" sigv4: - description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\n\nIt requires Prometheus >= v2.48.0.\n\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`." + description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.48.0.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`." properties: accessKey: description: "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used." @@ -905,7 +905,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -931,7 +931,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -959,7 +959,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -976,7 +976,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1000,7 +1000,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1017,7 +1017,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1044,7 +1044,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1054,7 +1054,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1062,7 +1062,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1082,13 +1082,13 @@ spec: - "alertmanagers" type: "object" allowOverlappingBlocks: - description: "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default." + description: "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default." type: "boolean" apiserverConfig: description: "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." properties: authorization: - description: "Authorization section for the API server.\n\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`." + description: "Authorization section for the API server.\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -1098,7 +1098,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1111,11 +1111,11 @@ spec: description: "File to read a secret from, mutually exclusive with `credentials`." type: "string" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth configuration for the API server.\n\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`." + description: "BasicAuth configuration for the API server.\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -1125,7 +1125,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1142,7 +1142,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1153,10 +1153,10 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerToken: - description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release." + description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release." type: "string" bearerTokenFile: - description: "File to read bearer token for accessing apiserver.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File to read bearer token for accessing apiserver.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" host: description: "Kubernetes API address consisting of a hostname or IP address followed\nby an optional port number." @@ -1175,7 +1175,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1192,7 +1192,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1216,7 +1216,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1233,7 +1233,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1260,7 +1260,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1270,7 +1270,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1278,7 +1278,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1299,13 +1299,13 @@ spec: type: "boolean" type: "object" automountServiceAccountToken: - description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container." + description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container." type: "boolean" baseImage: description: "Deprecated: use 'spec.image' instead." type: "string" bodySizeLimit: - description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit." + description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" configMaps: @@ -1314,7 +1314,7 @@ spec: type: "string" type: "array" containers: - description: "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." + description: "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: @@ -1352,7 +1352,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1402,7 +1402,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1429,7 +1429,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1444,7 +1444,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1643,7 +1643,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1781,7 +1782,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1881,13 +1883,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1957,7 +1962,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1996,7 +2001,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2043,7 +2048,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2174,7 +2180,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2201,47 +2207,47 @@ spec: description: "When true, the Prometheus compaction is disabled." type: "boolean" enableAdminAPI: - description: "Enables access to the Prometheus web admin API.\n\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" + description: "Enables access to the Prometheus web admin API.\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" type: "boolean" enableFeatures: - description: "Enable access to Prometheus feature flags. By default, no features are enabled.\n\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" + description: "Enable access to Prometheus feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" items: minLength: 1 type: "string" type: "array" x-kubernetes-list-type: "set" enableRemoteWriteReceiver: - description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\n\nIt requires Prometheus >= v2.33.0." + description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0." type: "boolean" enforcedBodySizeLimit: - description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0.\n\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit." + description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\nIt requires Prometheus >= v2.28.0.\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" enforcedKeepDroppedTargets: - description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets." + description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\nIt requires Prometheus >= v2.47.0.\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets." format: "int64" type: "integer" enforcedLabelLimit: - description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit." + description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit." format: "int64" type: "integer" enforcedLabelNameLengthLimit: - description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit." + description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit." format: "int64" type: "integer" enforcedLabelValueLengthLimit: - description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit." + description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit." format: "int64" type: "integer" enforcedNamespaceLabel: - description: "When not empty, a label will be added to:\n\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object." + description: "When not empty, a label will be added to:\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object." type: "string" enforcedSampleLimit: - description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit." + description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit." format: "int64" type: "integer" enforcedTargetLimit: - description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit." + description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit." format: "int64" type: "integer" evaluationInterval: @@ -2250,7 +2256,7 @@ spec: pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" excludedFromEnforcement: - description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true." + description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true." items: description: "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object." properties: @@ -2285,7 +2291,7 @@ spec: description: "Exemplars related settings that are runtime reloadable.\nIt requires to enable the `exemplar-storage` feature flag to be effective." properties: maxSize: - description: "Maximum number of exemplars stored in memory for all series.\n\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage." + description: "Maximum number of exemplars stored in memory for all series.\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage." format: "int64" type: "integer" type: "object" @@ -2319,13 +2325,13 @@ spec: - "ip" x-kubernetes-list-type: "map" hostNetwork: - description: "Use the host's network namespace if true.\n\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically." + description: "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically." type: "boolean" ignoreNamespaceSelectors: description: "When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor\nand Probe objects will be ignored. They will only discover targets\nwithin the namespace of the PodMonitor, ServiceMonitor and Probe\nobject." type: "boolean" image: - description: "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released." + description: "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released." type: "string" imagePullPolicy: description: "Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details." @@ -2342,13 +2348,13 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" initContainers: - description: "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." + description: "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: @@ -2386,7 +2392,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2436,7 +2442,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2463,7 +2469,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2478,7 +2484,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2677,7 +2683,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2815,7 +2822,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2915,13 +2923,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2991,7 +3002,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -3030,7 +3041,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3077,7 +3088,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3208,7 +3220,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3232,19 +3244,19 @@ spec: type: "object" type: "array" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit." format: "int64" type: "integer" listenLocal: @@ -3272,7 +3284,7 @@ spec: minimum: 60.0 type: "integer" minReadySeconds: - description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." + description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." format: "int32" type: "integer" nodeSelector: @@ -3312,7 +3324,7 @@ spec: type: "string" type: "object" podMetadata: - description: "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\"." + description: "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\"." properties: annotations: additionalProperties: @@ -3362,7 +3374,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" podMonitorSelector: - description: "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." + description: "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3440,7 +3452,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" probeSelector: - description: "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." + description: "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3473,7 +3485,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" prometheusExternalLabelName: - description: "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\n\nDefault: \"prometheus\"" + description: "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\nDefault: \"prometheus\"" type: "string" prometheusRulesExcludedFromEnforce: description: "Defines the list of PrometheusRule objects to which the namespace label\nenforcement doesn't apply.\nThis is only relevant when `spec.enforcedNamespaceLabel` is set to true.\nDeprecated: use `spec.excludedFromEnforcement` instead." @@ -3512,7 +3524,7 @@ spec: type: "string" type: "object" queryLogFile: - description: "queryLogFile specifies where the file to which PromQL queries are logged.\n\n\nIf the filename has an empty path, e.g. 'query.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/query.log', you\nmust mount a volume in the specified directory and it must be writable.\nThis is because the prometheus container runs with a read-only root\nfilesystem for security reasons.\nAlternatively, the location can be set to a standard I/O stream, e.g.\n`/dev/stdout`, to log query information to the default Prometheus log\nstream." + description: "queryLogFile specifies where the file to which PromQL queries are logged.\n\nIf the filename has an empty path, e.g. 'query.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/query.log', you\nmust mount a volume in the specified directory and it must be writable.\nThis is because the prometheus container runs with a read-only root\nfilesystem for security reasons.\nAlternatively, the location can be set to a standard I/O stream, e.g.\n`/dev/stdout`, to log query information to the default Prometheus log\nstream." type: "string" reloadStrategy: description: "Defines the strategy used to reload the Prometheus configuration.\nIf not specified, the configuration is reloaded using the /-/reload HTTP endpoint." @@ -3526,7 +3538,7 @@ spec: description: "RemoteReadSpec defines the configuration for Prometheus to read back samples\nfrom a remote endpoint." properties: authorization: - description: "Authorization section for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." + description: "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -3536,7 +3548,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3549,11 +3561,11 @@ spec: description: "File to read a secret from, mutually exclusive with `credentials`." type: "string" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth configuration for the URL.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`." + description: "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -3563,7 +3575,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3580,7 +3592,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3591,16 +3603,16 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerToken: - description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release." + description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release." type: "string" bearerTokenFile: - description: "File from which to read the bearer token for the URL.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File from which to read the bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" filterExternalLabels: - description: "Whether to use the external labels as selectors for the remote read endpoint.\n\n\nIt requires Prometheus >= v2.34.0." + description: "Whether to use the external labels as selectors for the remote read endpoint.\n\nIt requires Prometheus >= v2.34.0." type: "boolean" followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0." + description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0." type: "boolean" headers: additionalProperties: @@ -3608,13 +3620,13 @@ spec: description: "Custom HTTP headers to be sent along with each remote read request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\nOnly valid in Prometheus versions 2.26.0 and newer." type: "object" name: - description: "The name of the remote read queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate read\nconfigurations.\n\n\nIt requires Prometheus >= v2.15.0." + description: "The name of the remote read queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate read\nconfigurations.\n\nIt requires Prometheus >= v2.15.0." type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`." + description: "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -3627,7 +3639,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3644,7 +3656,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3662,7 +3674,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3677,7 +3689,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3689,7 +3701,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3699,11 +3711,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3728,7 +3740,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3745,7 +3757,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3766,7 +3778,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3783,7 +3795,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3804,7 +3816,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3814,7 +3826,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3822,7 +3834,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3852,7 +3864,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3862,11 +3874,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3898,7 +3910,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3915,7 +3927,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3939,7 +3951,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3956,7 +3968,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3983,7 +3995,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3993,7 +4005,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4001,7 +4013,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4025,7 +4037,7 @@ spec: description: "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint." properties: authorization: - description: "Authorization section for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`." + description: "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -4035,7 +4047,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4048,11 +4060,11 @@ spec: description: "File to read a secret from, mutually exclusive with `credentials`." type: "string" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" azureAd: - description: "AzureAD for the URL.\n\n\nIt requires Prometheus >= v2.45.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`." + description: "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`." properties: cloud: description: "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'." @@ -4071,7 +4083,7 @@ spec: - "clientId" type: "object" oauth: - description: "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\n\nIt requires Prometheus >= v2.48.0." + description: "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0." properties: clientId: description: "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate." @@ -4085,7 +4097,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4105,7 +4117,7 @@ spec: - "tenantId" type: "object" sdk: - description: "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\n\nIt requires Prometheus >= 2.52.0." + description: "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= 2.52.0." properties: tenantId: description: "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate." @@ -4114,7 +4126,7 @@ spec: type: "object" type: "object" basicAuth: - description: "BasicAuth configuration for the URL.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`." + description: "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -4124,7 +4136,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4141,7 +4153,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4152,21 +4164,21 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerToken: - description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release." + description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release." type: "string" bearerTokenFile: - description: "File from which to read bearer token for the URL.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0." + description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0." type: "boolean" headers: additionalProperties: type: "string" - description: "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\n\nIt requires Prometheus >= v2.25.0." + description: "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0." type: "object" metadataConfig: description: "MetadataConfig configures the sending of series metadata to the remote storage." @@ -4180,13 +4192,13 @@ spec: type: "string" type: "object" name: - description: "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\n\nIt requires Prometheus >= v2.15.0." + description: "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0." type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`." + description: "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -4199,7 +4211,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4216,7 +4228,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4234,7 +4246,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4249,7 +4261,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -4261,7 +4273,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4271,11 +4283,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4300,7 +4312,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4317,7 +4329,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4338,7 +4350,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4355,7 +4367,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4376,7 +4388,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4386,7 +4398,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4394,7 +4406,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4424,7 +4436,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4434,11 +4446,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4475,7 +4487,7 @@ spec: description: "MinShards is the minimum number of shards, i.e. amount of concurrency." type: "integer" retryOnRateLimit: - description: "Retry upon receiving a 429 status code from the remote-write storage.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." type: "boolean" sampleAgeLimit: description: "SampleAgeLimit drops samples older than the limit.\nIt requires Prometheus >= v2.50.0." @@ -4487,13 +4499,13 @@ spec: pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" sendExemplars: - description: "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0." type: "boolean" sendNativeHistograms: - description: "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\n\nIt requires Prometheus >= v2.40.0." + description: "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0." type: "boolean" sigv4: - description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`." + description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`." properties: accessKey: description: "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used." @@ -4503,7 +4515,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4529,7 +4541,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4553,7 +4565,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4570,7 +4582,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4594,7 +4606,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4611,7 +4623,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4638,7 +4650,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4648,7 +4660,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4656,7 +4668,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4673,11 +4685,11 @@ spec: writeRelabelConfigs: description: "The list of remote write relabel configurations." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -4703,14 +4715,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -4723,7 +4735,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -4732,23 +4744,26 @@ spec: type: "object" type: "array" replicaExternalLabelName: - description: "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\n\nDefault: \"prometheus_replica\"" + description: "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\nDefault: \"prometheus_replica\"" type: "string" replicas: - description: "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\n\nDefault: 1" + description: "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\nDefault: 1" format: "int32" type: "integer" resources: description: "Defines the resources requests and limits of the 'prometheus' container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4776,7 +4791,7 @@ spec: type: "object" type: "object" retention: - description: "How long to retain the Prometheus data.\n\n\nDefault: \"24h\" if `spec.retention` and `spec.retentionSize` are empty." + description: "How long to retain the Prometheus data.\n\nDefault: \"24h\" if `spec.retention` and `spec.retentionSize` are empty." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" retentionSize: @@ -4784,7 +4799,7 @@ spec: pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" routePrefix: - description: "The route prefix Prometheus registers HTTP handlers for.\n\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`." + description: "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`." type: "string" ruleNamespaceSelector: description: "Namespaces to match for PrometheusRule discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only." @@ -4856,10 +4871,10 @@ spec: description: "Defines the configuration of the Prometheus rules' engine." properties: alert: - description: "Defines the parameters of the Prometheus rules' engine.\n\n\nAny update to these parameters trigger a restart of the pods." + description: "Defines the parameters of the Prometheus rules' engine.\n\nAny update to these parameters trigger a restart of the pods." properties: forGracePeriod: - description: "Minimum duration between alert and restored 'for' state.\n\n\nThis is maintained only for alerts with a configured 'for' time greater\nthan the grace period." + description: "Minimum duration between alert and restored 'for' state.\n\nThis is maintained only for alerts with a configured 'for' time greater\nthan the grace period." type: "string" forOutageTolerance: description: "Max time to tolerate prometheus outage for restoring 'for' state of\nalert." @@ -4870,31 +4885,31 @@ spec: type: "object" type: "object" sampleLimit: - description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." + description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." format: "int64" type: "integer" scrapeClasses: - description: "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." items: properties: attachMetadata: description: "AttachMetadata configures additional metadata to the discovered targets.\nWhen the scrape object defines its own configuration, it takes\nprecedence over the scrape class configuration." properties: node: - description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." + description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." type: "boolean" type: "object" default: - description: "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\n\nOnly one scrape class can be set as the default." + description: "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\nOnly one scrape class can be set as the default." type: "boolean" metricRelabelings: - description: "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" + description: "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -4920,14 +4935,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -4940,7 +4955,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -4949,13 +4964,13 @@ spec: minLength: 1 type: "string" relabelings: - description: "Relabelings configures the relabeling rules to apply to all scrape targets.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "Relabelings configures the relabeling rules to apply to all scrape targets.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -4981,14 +4996,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -5001,12 +5016,12 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" tlsConfig: - description: "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported." + description: "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -5019,7 +5034,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5036,7 +5051,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5060,7 +5075,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5077,7 +5092,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5104,7 +5119,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5114,7 +5129,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5122,7 +5137,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5141,7 +5156,7 @@ spec: - "name" x-kubernetes-list-type: "map" scrapeConfigNamespaceSelector: - description: "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." + description: "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5174,7 +5189,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" scrapeConfigSelector: - description: "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." + description: "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5208,11 +5223,11 @@ spec: x-kubernetes-map-type: "atomic" scrapeInterval: default: "30s" - description: "Interval between consecutive scrapes.\n\n\nDefault: \"30s\"" + description: "Interval between consecutive scrapes.\n\nDefault: \"30s\"" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" scrapeProtocols: - description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." + description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: @@ -5249,7 +5264,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -5289,18 +5304,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -5339,7 +5357,7 @@ spec: description: "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods." type: "string" serviceDiscoveryRole: - description: "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role." + description: "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role." enum: - "Endpoints" - "EndpointSlice" @@ -5378,7 +5396,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" serviceMonitorSelector: - description: "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." + description: "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5414,7 +5432,7 @@ spec: description: "Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name." type: "string" shards: - description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\n\nDefault: 1" + description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1" format: "int32" type: "integer" storage: @@ -5441,7 +5459,7 @@ spec: description: "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes" properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -5550,7 +5568,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -5693,7 +5711,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -5715,7 +5733,7 @@ spec: additionalProperties: description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: @@ -5725,7 +5743,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -5758,7 +5776,7 @@ spec: status: type: "string" type: - description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + description: "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"" type: "string" required: - "status" @@ -5769,10 +5787,10 @@ spec: - "type" x-kubernetes-list-type: "map" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." properties: status: description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." @@ -5793,7 +5811,7 @@ spec: description: "Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name." type: "string" targetLimit: - description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit." + description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit." format: "int64" type: "integer" thanos: @@ -5820,7 +5838,7 @@ spec: type: "string" blockSize: default: "2h" - description: "BlockDuration controls the size of TSDB blocks produced by Prometheus.\nThe default value is 2h to match the upstream Prometheus defaults.\n\n\nWARNING: Changing the block duration can impact the performance and\nefficiency of the entire Prometheus/Thanos stack due to how it interacts\nwith memory and Thanos compactors. It is recommended to keep this value\nset to a multiple of 120 times your longest scrape or rule interval. For\nexample, 30s * 120 = 1h." + description: "BlockDuration controls the size of TSDB blocks produced by Prometheus.\nThe default value is 2h to match the upstream Prometheus defaults.\n\nWARNING: Changing the block duration can impact the performance and\nefficiency of the entire Prometheus/Thanos stack due to how it interacts\nwith memory and Thanos compactors. It is recommended to keep this value\nset to a multiple of 120 times your longest scrape or rule interval. For\nexample, 30s * 120 = 1h." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" getConfigInterval: @@ -5832,10 +5850,10 @@ spec: pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" grpcListenLocal: - description: "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the gRPC endpoints.\n\n\nIt has no effect if `listenLocal` is true." + description: "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the gRPC endpoints.\n\nIt has no effect if `listenLocal` is true." type: "boolean" grpcServerTlsConfig: - description: "Configures the TLS parameters for the gRPC server providing the StoreAPI.\n\n\nNote: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported." + description: "Configures the TLS parameters for the gRPC server providing the StoreAPI.\n\nNote: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -5848,7 +5866,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5865,7 +5883,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5889,7 +5907,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5906,7 +5924,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5933,7 +5951,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5943,7 +5961,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5951,7 +5969,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5963,10 +5981,10 @@ spec: type: "string" type: "object" httpListenLocal: - description: "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the HTTP endpoints.\n\n\nIt has no effect if `listenLocal` is true." + description: "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the HTTP endpoints.\n\nIt has no effect if `listenLocal` is true." type: "boolean" image: - description: "Container image name for Thanos. If specified, it takes precedence over\nthe `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`\nfields.\n\n\nSpecifying `spec.thanos.version` is still necessary to ensure the\nPrometheus Operator knows which version of Thanos is being configured.\n\n\nIf neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,\nthe operator will use the latest upstream version of Thanos available at\nthe time when the operator was released." + description: "Container image name for Thanos. If specified, it takes precedence over\nthe `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`\nfields.\n\nSpecifying `spec.thanos.version` is still necessary to ensure the\nPrometheus Operator knows which version of Thanos is being configured.\n\nIf neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,\nthe operator will use the latest upstream version of Thanos available at\nthe time when the operator was released." type: "string" listenLocal: description: "Deprecated: use `grpcListenLocal` and `httpListenLocal` instead." @@ -5991,14 +6009,14 @@ spec: description: "Defines the start of time range limit served by the Thanos sidecar's StoreAPI.\nThe field's value should be a constant time in RFC3339 format or a time\nduration relative to current time, such as -1d or 2h45m. Valid duration\nunits are ms, s, m, h, d, w, y." type: "string" objectStorageConfig: - description: "Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.\n\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\n\nobjectStorageConfigFile takes precedence over this field." + description: "Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nobjectStorageConfigFile takes precedence over this field." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6008,7 +6026,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" objectStorageConfigFile: - description: "Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.\n\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\n\nThis field takes precedence over objectStorageConfig." + description: "Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nThis field takes precedence over objectStorageConfig." type: "string" readyTimeout: description: "ReadyTimeout is the maximum time that the Thanos sidecar will wait for\nPrometheus to start." @@ -6018,13 +6036,16 @@ spec: description: "Defines the resources requests and limits of the Thanos sidecar." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -6058,14 +6079,14 @@ spec: description: "Deprecated: use 'image' instead. The image's tag can be specified as as part of the image name." type: "string" tracingConfig: - description: "Defines the tracing configuration for the Thanos sidecar.\n\n\n`tracingConfigFile` takes precedence over this field.\n\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Defines the tracing configuration for the Thanos sidecar.\n\n`tracingConfigFile` takes precedence over this field.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6075,10 +6096,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" tracingConfigFile: - description: "Defines the tracing configuration file for the Thanos sidecar.\n\n\nThis field takes precedence over `tracingConfig`.\n\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Defines the tracing configuration file for the Thanos sidecar.\n\nThis field takes precedence over `tracingConfig`.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." type: "string" version: - description: "Version of Thanos being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\n\nIf not specified, the operator assumes the latest upstream release of\nThanos available at the time when the version of the operator was\nreleased." + description: "Version of Thanos being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream release of\nThanos available at the time when the version of the operator was\nreleased." type: "string" volumeMounts: description: "VolumeMounts allows configuration of additional VolumeMounts for Thanos.\nVolumeMounts specified will be appended to other VolumeMounts in the\n'thanos-sidecar' container." @@ -6098,7 +6119,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -6179,7 +6200,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -6189,14 +6210,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -6211,7 +6232,7 @@ spec: type: "object" type: "array" tracingConfig: - description: "TracingConfig configures tracing in Prometheus.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "TracingConfig configures tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." properties: clientType: description: "Client used to export the traces. Supported values are `http` or `grpc`." @@ -6261,7 +6282,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6278,7 +6299,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6302,7 +6323,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6319,7 +6340,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6346,7 +6367,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6356,7 +6377,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6364,7 +6385,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6379,18 +6400,18 @@ spec: - "endpoint" type: "object" tsdb: - description: "Defines the runtime reloadable configuration of the timeseries database\n(TSDB)." + description: "Defines the runtime reloadable configuration of the timeseries database(TSDB).\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0." properties: outOfOrderTimeWindow: - description: "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\n\nIt requires Prometheus >= v2.39.0." + description: "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" type: "object" version: - description: "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased." + description: "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased." type: "string" volumeMounts: - description: "VolumeMounts allows the configuration of additional VolumeMounts.\n\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects." + description: "VolumeMounts allows the configuration of additional VolumeMounts.\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: @@ -6407,7 +6428,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -6429,7 +6450,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -6457,12 +6478,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -6508,7 +6531,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6532,7 +6555,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6572,7 +6595,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -6593,7 +6616,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6681,10 +6704,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -6793,7 +6816,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -6810,7 +6833,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -6854,7 +6877,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6875,7 +6898,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -6922,7 +6945,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -6933,6 +6956,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -6943,7 +6976,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -6952,6 +6985,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -6972,7 +7006,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -7050,12 +7084,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -7131,7 +7165,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -7218,7 +7252,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -7274,12 +7308,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -7289,6 +7324,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -7299,11 +7335,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -7314,6 +7351,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -7330,7 +7368,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -7338,6 +7376,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -7403,7 +7442,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -7437,7 +7476,7 @@ spec: type: "object" type: "array" walCompression: - description: "Configures compression of the write-ahead log (WAL) using Snappy.\n\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\n\nRequires Prometheus v2.11.0 and above." + description: "Configures compression of the write-ahead log (WAL) using Snappy.\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\nRequires Prometheus v2.11.0 and above." type: "boolean" web: description: "Defines the configuration of the Prometheus web server." @@ -7497,7 +7536,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7514,7 +7553,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7543,7 +7582,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7560,7 +7599,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7583,7 +7622,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheusrules.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheusrules.yaml index c08a3fec5..cf894e004 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheusrules.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheusrules.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "prometheusrules.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -20,7 +20,7 @@ spec: - name: "v1" schema: openAPIV3Schema: - description: "The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.\n\n\n`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors." + description: "The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.\n\n`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml index 56d25d783..23ff5b96c 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "servicemonitors.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -20,7 +20,7 @@ spec: - name: "v1" schema: openAPIV3Schema: - description: "The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services.\nAmong other things, it allows to specify:\n* The services to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n\n`Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors." + description: "The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services.\nAmong other things, it allows to specify:\n* The services to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -34,14 +34,14 @@ spec: description: "Specification of desired Service selection for target discovery by\nPrometheus." properties: attachMetadata: - description: "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\n\nIt requires Prometheus >= v2.37.0." + description: "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.37.0." properties: node: - description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." + description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." type: "boolean" type: "object" bodySizeLimit: - description: "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\n\nIt requires Prometheus >= v2.28.0." + description: "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" endpoints: @@ -50,7 +50,7 @@ spec: description: "Endpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus." properties: authorization: - description: "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." + description: "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -60,7 +60,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -70,11 +70,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`." + description: "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -84,7 +84,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -101,7 +101,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -112,17 +112,17 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenFile: - description: "File to read bearer token for scraping the target.\n\n\nDeprecated: use `authorization` instead." + description: "File to read bearer token for scraping the target.\n\nDeprecated: use `authorization` instead." type: "string" bearerTokenSecret: - description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\n\nDeprecated: use `authorization` instead." + description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -135,7 +135,7 @@ spec: description: "`enableHttp2` can be used to disable HTTP2 when scraping the target." type: "boolean" filterRunning: - description: "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\n\nIf unset, the filtering is enabled.\n\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" + description: "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" type: "boolean" followRedirects: description: "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects." @@ -147,17 +147,17 @@ spec: description: "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target." type: "boolean" interval: - description: "Interval at which Prometheus scrapes the metrics from the target.\n\n\nIf empty, Prometheus uses the global scrape interval." + description: "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" metricRelabelings: description: "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -183,14 +183,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -203,12 +203,12 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" oauth2: - description: "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\n\nIt requires Prometheus >= 2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`." + description: "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -221,7 +221,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -238,7 +238,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -256,7 +256,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -271,7 +271,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -283,7 +283,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -293,11 +293,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -322,7 +322,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -339,7 +339,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -360,7 +360,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -377,7 +377,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -398,7 +398,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -408,7 +408,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -416,7 +416,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -444,22 +444,22 @@ spec: description: "params define optional HTTP URL parameters." type: "object" path: - description: "HTTP path from which to scrape for metrics.\n\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." + description: "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." type: "string" port: - description: "Name of the Service port which this endpoint refers to.\n\n\nIt takes precedence over `targetPort`." + description: "Name of the Service port which this endpoint refers to.\n\nIt takes precedence over `targetPort`." type: "string" proxyUrl: description: "`proxyURL` configures the HTTP Proxy URL (e.g.\n\"http://proxyserver:2195\") to go through when scraping the target." type: "string" relabelings: - description: "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -485,14 +485,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -505,18 +505,18 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" scheme: - description: "HTTP scheme to use for scraping.\n\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\n\nIf empty, Prometheus uses the default value `http`." + description: "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`." enum: - "http" - "https" type: "string" scrapeTimeout: - description: "Timeout after which Prometheus considers the scrape to be failed.\n\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used." + description: "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" targetPort: @@ -539,7 +539,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -556,7 +556,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -580,7 +580,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -597,7 +597,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -624,7 +624,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -634,7 +634,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -642,7 +642,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -654,27 +654,27 @@ spec: type: "string" type: "object" trackTimestampsStaleness: - description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\n\nIt requires Prometheus >= v2.48.0." + description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0." type: "boolean" type: "object" type: "array" jobLabel: - description: "`jobLabel` selects the label from the associated Kubernetes `Service`\nobject which will be used as the `job` label for all metrics.\n\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Service`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\n\nIf the value of this field is empty or if the label doesn't exist for\nthe given Service, the `job` label of the metrics defaults to the name\nof the associated Kubernetes `Service`." + description: "`jobLabel` selects the label from the associated Kubernetes `Service`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Service`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty or if the label doesn't exist for\nthe given Service, the `job` label of the metrics defaults to the name\nof the associated Kubernetes `Service`." type: "string" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" namespaceSelector: @@ -703,7 +703,7 @@ spec: minLength: 1 type: "string" scrapeProtocols: - description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." + description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml index 46bdc8236..d20f7d60f 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "thanosrulers.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -47,7 +47,7 @@ spec: name: "v1" schema: openAPIV3Schema: - description: "The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster.\n\n\nA `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).\n\n\nThe resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances." + description: "The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster.\n\nA `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).\n\nThe resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -256,13 +256,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -361,13 +361,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -465,13 +465,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -570,13 +570,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -649,7 +649,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -666,7 +666,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -719,7 +719,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -769,7 +769,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -796,7 +796,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -811,7 +811,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1010,7 +1010,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1148,7 +1149,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1248,13 +1250,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1324,7 +1329,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1363,7 +1368,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1410,7 +1415,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1541,7 +1547,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1621,7 +1627,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1638,7 +1644,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1662,7 +1668,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1679,7 +1685,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1706,7 +1712,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1716,7 +1722,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1724,7 +1730,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1774,7 +1780,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1818,7 +1824,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1868,7 +1874,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1895,7 +1901,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1910,7 +1916,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2109,7 +2115,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2247,7 +2254,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2347,13 +2355,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2423,7 +2434,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2462,7 +2473,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2509,7 +2520,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2640,7 +2652,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2704,7 +2716,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2720,7 +2732,7 @@ spec: description: "When a ThanosRuler deployment is paused, no actions except for deletion\nwill be performed on the underlying objects." type: "boolean" podMetadata: - description: "PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"app.kubernetes.io/name\" label, set to \"thanos-ruler\".\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/instance\" label, set to the name of the ThanosRuler instance.\n* \"thanos-ruler\" label, set to the name of the ThanosRuler instance.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"thanos-ruler\"." + description: "PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.\n\nThe following items are reserved and cannot be overridden:\n* \"app.kubernetes.io/name\" label, set to \"thanos-ruler\".\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/instance\" label, set to the name of the ThanosRuler instance.\n* \"thanos-ruler\" label, set to the name of the ThanosRuler instance.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"thanos-ruler\"." properties: annotations: additionalProperties: @@ -2767,7 +2779,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2789,13 +2801,16 @@ spec: description: "Resources defines the resource requirements for single Pods.\nIf not provided, no requests/limits will be set" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2912,7 +2927,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -2952,18 +2967,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -3025,7 +3043,7 @@ spec: description: "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes" properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -3134,7 +3152,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3277,7 +3295,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3299,7 +3317,7 @@ spec: additionalProperties: description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: @@ -3309,7 +3327,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -3342,7 +3360,7 @@ spec: status: type: "string" type: - description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + description: "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"" type: "string" required: - "status" @@ -3353,10 +3371,10 @@ spec: - "type" x-kubernetes-list-type: "map" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." properties: status: description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." @@ -3435,7 +3453,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -3445,14 +3463,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3467,14 +3485,14 @@ spec: type: "object" type: "array" tracingConfig: - description: "TracingConfig configures tracing in Thanos.\n\n\n`tracingConfigFile` takes precedence over this field.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "TracingConfig configures tracing in Thanos.\n\n`tracingConfigFile` takes precedence over this field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3484,7 +3502,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" tracingConfigFile: - description: "TracingConfig specifies the path of the tracing configuration file.\n\n\nThis field takes precedence over `tracingConfig`.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "TracingConfig specifies the path of the tracing configuration file.\n\nThis field takes precedence over `tracingConfig`.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." type: "string" version: description: "Version of Thanos to be deployed." @@ -3507,7 +3525,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3529,7 +3547,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -3557,12 +3575,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3608,7 +3628,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3632,7 +3652,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3672,7 +3692,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3693,7 +3713,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3781,10 +3801,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -3893,7 +3913,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3910,7 +3930,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -3954,7 +3974,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3975,7 +3995,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -4022,7 +4042,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -4033,6 +4053,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -4043,7 +4073,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4052,6 +4082,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -4072,7 +4103,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4150,12 +4181,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4231,7 +4262,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4318,7 +4349,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4374,12 +4405,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4389,6 +4421,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -4399,11 +4432,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4414,6 +4448,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -4430,7 +4465,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4438,6 +4473,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -4503,7 +4539,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4586,7 +4622,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4603,7 +4639,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4632,7 +4668,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4649,7 +4685,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4672,7 +4708,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml index 05073201c..286ff028a 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "alertmanagerconfigs.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -167,6 +167,8 @@ spec: type: "array" type: "object" type: "array" + required: + - "name" type: "object" type: "array" receivers: @@ -187,7 +189,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -210,7 +212,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -220,7 +222,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -234,7 +236,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -251,7 +253,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -269,7 +271,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -295,7 +297,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -312,7 +314,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -330,7 +332,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -345,7 +347,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -357,7 +359,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -367,11 +369,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -396,7 +398,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -413,7 +415,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -434,7 +436,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -451,7 +453,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -472,7 +474,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -482,7 +484,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -490,7 +492,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -527,7 +529,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -544,7 +546,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -565,7 +567,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -582,7 +584,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -603,7 +605,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -613,7 +615,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -621,7 +623,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -662,7 +664,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -679,7 +681,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -743,7 +745,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -760,7 +762,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -781,7 +783,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -798,7 +800,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -819,7 +821,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -829,7 +831,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -837,7 +839,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -872,7 +874,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -882,7 +884,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -896,7 +898,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -913,7 +915,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -931,7 +933,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -957,7 +959,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -974,7 +976,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -992,7 +994,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1007,7 +1009,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -1019,7 +1021,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1029,11 +1031,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1058,7 +1060,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1075,7 +1077,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1096,7 +1098,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1113,7 +1115,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1134,7 +1136,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1144,7 +1146,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1152,7 +1154,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1189,7 +1191,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1206,7 +1208,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1227,7 +1229,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1244,7 +1246,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1265,7 +1267,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1275,7 +1277,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1283,7 +1285,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1315,7 +1317,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1348,7 +1350,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1397,7 +1399,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1407,7 +1409,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -1421,7 +1423,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1438,7 +1440,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1456,7 +1458,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1482,7 +1484,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1499,7 +1501,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1517,7 +1519,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1532,7 +1534,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -1544,7 +1546,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1554,11 +1556,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1583,7 +1585,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1600,7 +1602,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1621,7 +1623,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1638,7 +1640,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1659,7 +1661,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1669,7 +1671,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1677,7 +1679,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1714,7 +1716,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1731,7 +1733,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1752,7 +1754,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1769,7 +1771,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1790,7 +1792,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1800,7 +1802,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1808,7 +1810,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1919,7 +1921,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1929,7 +1931,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -1943,7 +1945,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1960,7 +1962,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1978,7 +1980,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2004,7 +2006,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2021,7 +2023,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2039,7 +2041,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2054,7 +2056,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -2066,7 +2068,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2076,11 +2078,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -2105,7 +2107,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2122,7 +2124,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2143,7 +2145,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2160,7 +2162,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2181,7 +2183,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2191,7 +2193,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2199,7 +2201,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2236,7 +2238,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2253,7 +2255,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2274,7 +2276,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2291,7 +2293,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2312,7 +2314,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2322,7 +2324,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2330,7 +2332,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2379,7 +2381,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2399,7 +2401,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2448,7 +2450,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2458,7 +2460,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -2472,7 +2474,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2489,7 +2491,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2507,7 +2509,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2533,7 +2535,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2550,7 +2552,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2568,7 +2570,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2583,7 +2585,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -2595,7 +2597,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2605,11 +2607,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -2634,7 +2636,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2651,7 +2653,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2672,7 +2674,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2689,7 +2691,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2710,7 +2712,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2720,7 +2722,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2728,7 +2730,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2765,7 +2767,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2782,7 +2784,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2803,7 +2805,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2820,7 +2822,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2841,7 +2843,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2851,7 +2853,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2859,7 +2861,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2898,7 +2900,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2928,7 +2930,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2994,7 +2996,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3046,7 +3048,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3056,7 +3058,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -3070,7 +3072,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3087,7 +3089,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3105,7 +3107,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3131,7 +3133,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3148,7 +3150,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3166,7 +3168,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3181,7 +3183,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3193,7 +3195,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3203,11 +3205,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3232,7 +3234,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3249,7 +3251,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3270,7 +3272,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3287,7 +3289,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3308,7 +3310,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3318,7 +3320,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3326,7 +3328,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3363,7 +3365,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3380,7 +3382,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3401,7 +3403,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3418,7 +3420,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3439,7 +3441,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3449,7 +3451,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3457,7 +3459,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3527,7 +3529,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3537,7 +3539,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -3551,7 +3553,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3568,7 +3570,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3586,7 +3588,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3612,7 +3614,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3629,7 +3631,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3647,7 +3649,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3662,7 +3664,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3674,7 +3676,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3684,11 +3686,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3713,7 +3715,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3730,7 +3732,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3751,7 +3753,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3768,7 +3770,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3789,7 +3791,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3799,7 +3801,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3807,7 +3809,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3844,7 +3846,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3861,7 +3863,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3882,7 +3884,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3899,7 +3901,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3920,7 +3922,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3930,7 +3932,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3938,7 +3940,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3970,7 +3972,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3996,7 +3998,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4026,14 +4028,14 @@ spec: description: "The Telegram API URL i.e. https://api.telegram.org.\nIf not specified, default API URL will be used." type: "string" botToken: - description: "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\n\nEither `botToken` or `botTokenFile` is required." + description: "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4043,7 +4045,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" botTokenFile: - description: "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\n\nIt requires Alertmanager >= v0.26.0." + description: "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0." type: "string" chatID: description: "The Telegram chat ID." @@ -4066,7 +4068,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4076,7 +4078,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -4090,7 +4092,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4107,7 +4109,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4125,7 +4127,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4151,7 +4153,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4168,7 +4170,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4186,7 +4188,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4201,7 +4203,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -4213,7 +4215,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4223,11 +4225,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4252,7 +4254,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4269,7 +4271,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4290,7 +4292,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4307,7 +4309,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4328,7 +4330,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4338,7 +4340,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4346,7 +4348,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4383,7 +4385,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4400,7 +4402,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4421,7 +4423,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4438,7 +4440,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4459,7 +4461,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4469,7 +4471,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4477,7 +4479,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4502,6 +4504,8 @@ spec: sendResolved: description: "Whether to notify about resolved alerts." type: "boolean" + required: + - "chatID" type: "object" type: "array" victoropsConfigs: @@ -4517,7 +4521,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4563,7 +4567,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4573,7 +4577,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -4587,7 +4591,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4604,7 +4608,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4622,7 +4626,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4648,7 +4652,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4665,7 +4669,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4683,7 +4687,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4698,7 +4702,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -4710,7 +4714,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4720,11 +4724,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4749,7 +4753,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4766,7 +4770,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4787,7 +4791,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4804,7 +4808,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4825,7 +4829,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4835,7 +4839,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4843,7 +4847,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4880,7 +4884,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4897,7 +4901,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4918,7 +4922,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4935,7 +4939,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4956,7 +4960,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4966,7 +4970,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4974,7 +4978,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5026,7 +5030,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5036,7 +5040,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -5050,7 +5054,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5067,7 +5071,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5085,7 +5089,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5111,7 +5115,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5128,7 +5132,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5146,7 +5150,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5161,7 +5165,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -5173,7 +5177,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5183,11 +5187,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5212,7 +5216,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5229,7 +5233,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5250,7 +5254,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5267,7 +5271,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5288,7 +5292,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5298,7 +5302,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5306,7 +5310,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5343,7 +5347,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5360,7 +5364,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5381,7 +5385,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5398,7 +5402,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5419,7 +5423,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5429,7 +5433,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5437,7 +5441,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5482,7 +5486,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5492,7 +5496,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -5506,7 +5510,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5523,7 +5527,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5541,7 +5545,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5567,7 +5571,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5584,7 +5588,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5602,7 +5606,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5617,7 +5621,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -5629,7 +5633,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5639,11 +5643,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5668,7 +5672,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5685,7 +5689,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5706,7 +5710,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5723,7 +5727,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5744,7 +5748,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5754,7 +5758,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5762,7 +5766,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5799,7 +5803,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5816,7 +5820,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5837,7 +5841,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5854,7 +5858,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5875,7 +5879,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5885,7 +5889,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5893,7 +5897,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5924,7 +5928,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5950,7 +5954,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5979,7 +5983,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5989,7 +5993,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -6003,7 +6007,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6020,7 +6024,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6038,7 +6042,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6064,7 +6068,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6081,7 +6085,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6099,7 +6103,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6114,7 +6118,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -6126,7 +6130,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6136,11 +6140,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -6165,7 +6169,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6182,7 +6186,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6203,7 +6207,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6220,7 +6224,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6241,7 +6245,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6251,7 +6255,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6259,7 +6263,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6296,7 +6300,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6313,7 +6317,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6334,7 +6338,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6351,7 +6355,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6372,7 +6376,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6382,7 +6386,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6390,7 +6394,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml index 46687491c..9d44762bf 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "prometheusagents.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -47,7 +47,7 @@ spec: name: "v1alpha1" schema: openAPIV3Schema: - description: "The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster.\n\n\nThe CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar." + description: "The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster.\n\nThe CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -61,7 +61,7 @@ spec: description: "Specification of the desired behavior of the Prometheus agent. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: additionalArgs: - description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged." + description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged." items: description: "Argument as part of the AdditionalArgs list." properties: @@ -84,7 +84,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -273,13 +273,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -378,13 +378,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -482,13 +482,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -587,13 +587,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -651,7 +651,7 @@ spec: description: "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." properties: authorization: - description: "Authorization section for the API server.\n\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`." + description: "Authorization section for the API server.\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -661,7 +661,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -674,11 +674,11 @@ spec: description: "File to read a secret from, mutually exclusive with `credentials`." type: "string" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth configuration for the API server.\n\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`." + description: "BasicAuth configuration for the API server.\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -688,7 +688,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -705,7 +705,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -716,10 +716,10 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerToken: - description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release." + description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release." type: "string" bearerTokenFile: - description: "File to read bearer token for accessing apiserver.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File to read bearer token for accessing apiserver.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" host: description: "Kubernetes API address consisting of a hostname or IP address followed\nby an optional port number." @@ -738,7 +738,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -755,7 +755,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -779,7 +779,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -796,7 +796,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -823,7 +823,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -833,7 +833,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -841,7 +841,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -862,10 +862,10 @@ spec: type: "boolean" type: "object" automountServiceAccountToken: - description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container." + description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container." type: "boolean" bodySizeLimit: - description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit." + description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" configMaps: @@ -874,7 +874,7 @@ spec: type: "string" type: "array" containers: - description: "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." + description: "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: @@ -912,7 +912,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -962,7 +962,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -989,7 +989,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1004,7 +1004,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1203,7 +1203,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1341,7 +1342,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1441,13 +1443,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1517,7 +1522,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1556,7 +1561,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1603,7 +1608,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1734,7 +1740,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1758,48 +1764,48 @@ spec: type: "object" type: "array" enableFeatures: - description: "Enable access to Prometheus feature flags. By default, no features are enabled.\n\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" + description: "Enable access to Prometheus feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" items: minLength: 1 type: "string" type: "array" x-kubernetes-list-type: "set" enableRemoteWriteReceiver: - description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\n\nIt requires Prometheus >= v2.33.0." + description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0." type: "boolean" enforcedBodySizeLimit: - description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0.\n\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit." + description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\nIt requires Prometheus >= v2.28.0.\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" enforcedKeepDroppedTargets: - description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets." + description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\nIt requires Prometheus >= v2.47.0.\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets." format: "int64" type: "integer" enforcedLabelLimit: - description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit." + description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit." format: "int64" type: "integer" enforcedLabelNameLengthLimit: - description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit." + description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit." format: "int64" type: "integer" enforcedLabelValueLengthLimit: - description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit." + description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit." format: "int64" type: "integer" enforcedNamespaceLabel: - description: "When not empty, a label will be added to:\n\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object." + description: "When not empty, a label will be added to:\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object." type: "string" enforcedSampleLimit: - description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit." + description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit." format: "int64" type: "integer" enforcedTargetLimit: - description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit." + description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit." format: "int64" type: "integer" excludedFromEnforcement: - description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true." + description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true." items: description: "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object." properties: @@ -1860,13 +1866,13 @@ spec: - "ip" x-kubernetes-list-type: "map" hostNetwork: - description: "Use the host's network namespace if true.\n\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically." + description: "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically." type: "boolean" ignoreNamespaceSelectors: description: "When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor\nand Probe objects will be ignored. They will only discover targets\nwithin the namespace of the PodMonitor, ServiceMonitor and Probe\nobject." type: "boolean" image: - description: "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released." + description: "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released." type: "string" imagePullPolicy: description: "Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details." @@ -1883,13 +1889,13 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" initContainers: - description: "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." + description: "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: @@ -1927,7 +1933,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1977,7 +1983,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2004,7 +2010,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2019,7 +2025,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2218,7 +2224,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2356,7 +2363,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2456,13 +2464,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2532,7 +2543,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2571,7 +2582,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2618,7 +2629,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2749,7 +2761,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2773,19 +2785,19 @@ spec: type: "object" type: "array" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit." format: "int64" type: "integer" listenLocal: @@ -2813,11 +2825,11 @@ spec: minimum: 60.0 type: "integer" minReadySeconds: - description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." + description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." format: "int32" type: "integer" mode: - description: "Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s).\nFor now this field has no effect.\n\n\n(Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled." + description: "Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s).\nFor now this field has no effect.\n\n(Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled." enum: - "StatefulSet" - "DaemonSet" @@ -2859,7 +2871,7 @@ spec: type: "string" type: "object" podMetadata: - description: "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\"." + description: "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\"." properties: annotations: additionalProperties: @@ -2909,7 +2921,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" podMonitorSelector: - description: "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." + description: "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2987,7 +2999,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" probeSelector: - description: "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." + description: "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3020,7 +3032,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" prometheusExternalLabelName: - description: "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\n\nDefault: \"prometheus\"" + description: "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\nDefault: \"prometheus\"" type: "string" reloadStrategy: description: "Defines the strategy used to reload the Prometheus configuration.\nIf not specified, the configuration is reloaded using the /-/reload HTTP endpoint." @@ -3034,7 +3046,7 @@ spec: description: "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint." properties: authorization: - description: "Authorization section for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`." + description: "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -3044,7 +3056,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3057,11 +3069,11 @@ spec: description: "File to read a secret from, mutually exclusive with `credentials`." type: "string" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" azureAd: - description: "AzureAD for the URL.\n\n\nIt requires Prometheus >= v2.45.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`." + description: "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`." properties: cloud: description: "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'." @@ -3080,7 +3092,7 @@ spec: - "clientId" type: "object" oauth: - description: "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\n\nIt requires Prometheus >= v2.48.0." + description: "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0." properties: clientId: description: "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate." @@ -3094,7 +3106,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3114,7 +3126,7 @@ spec: - "tenantId" type: "object" sdk: - description: "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\n\nIt requires Prometheus >= 2.52.0." + description: "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= 2.52.0." properties: tenantId: description: "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate." @@ -3123,7 +3135,7 @@ spec: type: "object" type: "object" basicAuth: - description: "BasicAuth configuration for the URL.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`." + description: "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -3133,7 +3145,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3150,7 +3162,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3161,21 +3173,21 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerToken: - description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release." + description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release." type: "string" bearerTokenFile: - description: "File from which to read bearer token for the URL.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0." + description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0." type: "boolean" headers: additionalProperties: type: "string" - description: "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\n\nIt requires Prometheus >= v2.25.0." + description: "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0." type: "object" metadataConfig: description: "MetadataConfig configures the sending of series metadata to the remote storage." @@ -3189,13 +3201,13 @@ spec: type: "string" type: "object" name: - description: "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\n\nIt requires Prometheus >= v2.15.0." + description: "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0." type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`." + description: "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -3208,7 +3220,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3225,7 +3237,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3243,7 +3255,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3258,7 +3270,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3270,7 +3282,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3280,11 +3292,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3309,7 +3321,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3326,7 +3338,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3347,7 +3359,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3364,7 +3376,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3385,7 +3397,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3395,7 +3407,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3403,7 +3415,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3433,7 +3445,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3443,11 +3455,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3484,7 +3496,7 @@ spec: description: "MinShards is the minimum number of shards, i.e. amount of concurrency." type: "integer" retryOnRateLimit: - description: "Retry upon receiving a 429 status code from the remote-write storage.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." type: "boolean" sampleAgeLimit: description: "SampleAgeLimit drops samples older than the limit.\nIt requires Prometheus >= v2.50.0." @@ -3496,13 +3508,13 @@ spec: pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" sendExemplars: - description: "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\n\nIt requires Prometheus >= v2.27.0." + description: "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0." type: "boolean" sendNativeHistograms: - description: "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\n\nIt requires Prometheus >= v2.40.0." + description: "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0." type: "boolean" sigv4: - description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`." + description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`." properties: accessKey: description: "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used." @@ -3512,7 +3524,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3538,7 +3550,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3562,7 +3574,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3579,7 +3591,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3603,7 +3615,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3620,7 +3632,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3647,7 +3659,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3657,7 +3669,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3665,7 +3677,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3682,11 +3694,11 @@ spec: writeRelabelConfigs: description: "The list of remote write relabel configurations." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -3712,14 +3724,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -3732,7 +3744,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -3741,23 +3753,26 @@ spec: type: "object" type: "array" replicaExternalLabelName: - description: "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\n\nDefault: \"prometheus_replica\"" + description: "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\nDefault: \"prometheus_replica\"" type: "string" replicas: - description: "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\n\nDefault: 1" + description: "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\nDefault: 1" format: "int32" type: "integer" resources: description: "Defines the resources requests and limits of the 'prometheus' container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3785,34 +3800,34 @@ spec: type: "object" type: "object" routePrefix: - description: "The route prefix Prometheus registers HTTP handlers for.\n\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`." + description: "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`." type: "string" sampleLimit: - description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." + description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." format: "int64" type: "integer" scrapeClasses: - description: "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." items: properties: attachMetadata: description: "AttachMetadata configures additional metadata to the discovered targets.\nWhen the scrape object defines its own configuration, it takes\nprecedence over the scrape class configuration." properties: node: - description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." + description: "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects." type: "boolean" type: "object" default: - description: "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\n\nOnly one scrape class can be set as the default." + description: "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\nOnly one scrape class can be set as the default." type: "boolean" metricRelabelings: - description: "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" + description: "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -3838,14 +3853,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -3858,7 +3873,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -3867,13 +3882,13 @@ spec: minLength: 1 type: "string" relabelings: - description: "Relabelings configures the relabeling rules to apply to all scrape targets.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "Relabelings configures the relabeling rules to apply to all scrape targets.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -3899,14 +3914,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -3919,12 +3934,12 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" tlsConfig: - description: "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported." + description: "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -3937,7 +3952,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3954,7 +3969,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3978,7 +3993,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3995,7 +4010,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4022,7 +4037,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4032,7 +4047,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4040,7 +4055,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4059,7 +4074,7 @@ spec: - "name" x-kubernetes-list-type: "map" scrapeConfigNamespaceSelector: - description: "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." + description: "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4092,7 +4107,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" scrapeConfigSelector: - description: "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." + description: "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4126,11 +4141,11 @@ spec: x-kubernetes-map-type: "atomic" scrapeInterval: default: "30s" - description: "Interval between consecutive scrapes.\n\n\nDefault: \"30s\"" + description: "Interval between consecutive scrapes.\n\nDefault: \"30s\"" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" scrapeProtocols: - description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." + description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: @@ -4167,7 +4182,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -4207,18 +4222,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -4257,7 +4275,7 @@ spec: description: "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods." type: "string" serviceDiscoveryRole: - description: "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role." + description: "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role." enum: - "Endpoints" - "EndpointSlice" @@ -4296,7 +4314,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" serviceMonitorSelector: - description: "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." + description: "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4329,7 +4347,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" shards: - description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\n\nDefault: 1" + description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1" format: "int32" type: "integer" storage: @@ -4356,7 +4374,7 @@ spec: description: "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes" properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -4465,7 +4483,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4608,7 +4626,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4630,7 +4648,7 @@ spec: additionalProperties: description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: @@ -4640,7 +4658,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -4673,7 +4691,7 @@ spec: status: type: "string" type: - description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + description: "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"" type: "string" required: - "status" @@ -4684,10 +4702,10 @@ spec: - "type" x-kubernetes-list-type: "map" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." properties: status: description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." @@ -4705,7 +4723,7 @@ spec: type: "object" type: "object" targetLimit: - description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit." + description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit." format: "int64" type: "integer" tolerations: @@ -4775,7 +4793,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -4785,14 +4803,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -4807,7 +4825,7 @@ spec: type: "object" type: "array" tracingConfig: - description: "TracingConfig configures tracing in Prometheus.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "TracingConfig configures tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." properties: clientType: description: "Client used to export the traces. Supported values are `http` or `grpc`." @@ -4857,7 +4875,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4874,7 +4892,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4898,7 +4916,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4915,7 +4933,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4942,7 +4960,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4952,7 +4970,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4960,7 +4978,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4974,11 +4992,19 @@ spec: required: - "endpoint" type: "object" + tsdb: + description: "Defines the runtime reloadable configuration of the timeseries database(TSDB).\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0." + properties: + outOfOrderTimeWindow: + description: "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + type: "object" version: - description: "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased." + description: "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased." type: "string" volumeMounts: - description: "VolumeMounts allows the configuration of additional VolumeMounts.\n\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects." + description: "VolumeMounts allows the configuration of additional VolumeMounts.\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: @@ -4995,7 +5021,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -5017,7 +5043,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -5045,12 +5071,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -5096,7 +5124,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5120,7 +5148,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5160,7 +5188,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -5181,7 +5209,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5269,10 +5297,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -5381,7 +5409,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -5398,7 +5426,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -5442,7 +5470,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5463,7 +5491,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -5510,7 +5538,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -5521,6 +5549,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -5531,7 +5569,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -5540,6 +5578,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -5560,7 +5599,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5638,12 +5677,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -5719,7 +5758,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -5806,7 +5845,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -5862,12 +5901,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -5877,6 +5917,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -5887,11 +5928,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -5902,6 +5944,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -5918,7 +5961,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5926,6 +5969,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -5991,7 +6035,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -6025,7 +6069,7 @@ spec: type: "object" type: "array" walCompression: - description: "Configures compression of the write-ahead log (WAL) using Snappy.\n\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\n\nRequires Prometheus v2.11.0 and above." + description: "Configures compression of the write-ahead log (WAL) using Snappy.\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\nRequires Prometheus v2.11.0 and above." type: "boolean" web: description: "Defines the configuration of the Prometheus web server." @@ -6085,7 +6129,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6102,7 +6146,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6131,7 +6175,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6148,7 +6192,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6171,7 +6215,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml index 38275205b..27478e883 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "scrapeconfigs.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -52,7 +52,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -62,7 +62,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -76,7 +76,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -93,7 +93,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -112,7 +112,7 @@ spec: namespace: type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." @@ -128,7 +128,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -145,7 +145,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -163,7 +163,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -178,7 +178,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -190,7 +190,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -200,11 +200,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -229,7 +229,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -246,7 +246,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -267,7 +267,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -284,7 +284,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -305,7 +305,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -315,7 +315,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -323,7 +323,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -353,7 +353,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -363,11 +363,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -398,7 +398,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -415,7 +415,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -436,7 +436,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -453,7 +453,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -474,7 +474,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -484,7 +484,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -492,7 +492,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -518,7 +518,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -528,7 +528,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" azureSDConfigs: @@ -554,7 +554,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -598,7 +598,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -615,7 +615,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -644,7 +644,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -654,7 +654,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -668,7 +668,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -685,7 +685,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -708,7 +708,7 @@ spec: description: "Namespaces are only supported in Consul Enterprise." type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" nodeMeta: additionalProperties: @@ -730,7 +730,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -747,7 +747,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -765,7 +765,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -780,7 +780,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -792,7 +792,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -802,11 +802,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -831,7 +831,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -848,7 +848,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -869,7 +869,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -886,7 +886,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -907,7 +907,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -917,7 +917,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -925,7 +925,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -958,7 +958,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -968,11 +968,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1021,7 +1021,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1038,7 +1038,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1059,7 +1059,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1076,7 +1076,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1097,7 +1097,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1107,7 +1107,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1115,7 +1115,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1134,7 +1134,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1163,7 +1163,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1173,7 +1173,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" enableHTTP2: @@ -1183,7 +1183,7 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`." @@ -1199,7 +1199,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1216,7 +1216,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1234,7 +1234,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1249,7 +1249,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -1261,7 +1261,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1271,11 +1271,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1300,7 +1300,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1317,7 +1317,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1338,7 +1338,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1355,7 +1355,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1376,7 +1376,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1386,7 +1386,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1394,7 +1394,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1427,7 +1427,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1437,11 +1437,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1465,7 +1465,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1482,7 +1482,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1503,7 +1503,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1520,7 +1520,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1541,7 +1541,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1551,7 +1551,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1559,7 +1559,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1594,7 +1594,7 @@ spec: pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" type: - description: "The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.\nIf not set, Prometheus uses its default value.\n\n\nWhen set to NS, it requires Prometheus >= v2.49.0.\nWhen set to MX, it requires Prometheus >= v2.38.0" + description: "The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.\nIf not set, Prometheus uses its default value.\n\nWhen set to NS, it requires Prometheus >= v2.49.0.\nWhen set to MX, it requires Prometheus >= v2.38.0" enum: - "A" - "AAAA" @@ -1622,7 +1622,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1632,7 +1632,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -1646,7 +1646,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1663,7 +1663,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1708,8 +1708,11 @@ spec: hostNetworkingHost: description: "The host to use if the container is in host networking mode." type: "string" + matchFirstNetwork: + description: "Configure whether to match the first network if the container has multiple networks defined.\nIf unset, Prometheus uses true by default.\nIt requires Prometheus >= v2.54.0." + type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`." @@ -1725,7 +1728,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1742,7 +1745,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1760,7 +1763,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1775,7 +1778,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -1787,7 +1790,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1797,11 +1800,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1826,7 +1829,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1843,7 +1846,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1864,7 +1867,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1881,7 +1884,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1902,7 +1905,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1912,7 +1915,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1920,7 +1923,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1953,7 +1956,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1963,11 +1966,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1991,7 +1994,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2008,7 +2011,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2029,7 +2032,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2046,7 +2049,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2067,7 +2070,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2077,7 +2080,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2085,7 +2088,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2116,7 +2119,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2126,7 +2129,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -2140,7 +2143,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2157,7 +2160,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2200,7 +2203,7 @@ spec: pattern: "^[a-zA-Z][a-zA-Z0-9+.-]*://.+$" type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." @@ -2216,7 +2219,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2233,7 +2236,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2251,7 +2254,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2266,7 +2269,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -2278,7 +2281,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2288,11 +2291,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -2317,7 +2320,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2334,7 +2337,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2355,7 +2358,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2372,7 +2375,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2393,7 +2396,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2403,7 +2406,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2411,7 +2414,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2447,7 +2450,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2457,11 +2460,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -2492,7 +2495,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2509,7 +2512,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2530,7 +2533,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2547,7 +2550,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2568,7 +2571,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2578,7 +2581,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2586,7 +2589,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2605,7 +2608,7 @@ spec: ec2SDConfigs: description: "EC2SDConfigs defines a list of EC2 service discovery configurations." items: - description: "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config\n\n\nThe EC2 service discovery requires AWS API keys or role ARN for authentication.\nBasicAuth, Authorization and OAuth2 fields are not present on purpose." + description: "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config\n\nThe EC2 service discovery requires AWS API keys or role ARN for authentication.\nBasicAuth, Authorization and OAuth2 fields are not present on purpose." properties: accessKey: description: "AccessKey is the AWS API key." @@ -2615,7 +2618,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2653,7 +2656,7 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects.\nIt requires Prometheus >= v2.41.0" type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" port: description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." @@ -2671,7 +2674,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2681,11 +2684,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -2711,7 +2714,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2734,7 +2737,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2751,7 +2754,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2772,7 +2775,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2789,7 +2792,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2810,7 +2813,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2820,7 +2823,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2828,7 +2831,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2842,7 +2845,7 @@ spec: type: "object" type: "array" enableCompression: - description: "When false, Prometheus will request uncompressed response from the scraped target.\n\n\nIt requires Prometheus >= v2.49.0.\n\n\nIf unset, Prometheus uses true by default." + description: "When false, Prometheus will request uncompressed response from the scraped target.\n\nIt requires Prometheus >= v2.49.0.\n\nIf unset, Prometheus uses true by default." type: "boolean" eurekaSDConfigs: description: "EurekaSDConfigs defines a list of Eureka service discovery configurations." @@ -2860,7 +2863,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2870,7 +2873,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -2884,7 +2887,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2901,7 +2904,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2918,7 +2921,7 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." @@ -2934,7 +2937,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2951,7 +2954,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2969,7 +2972,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2984,7 +2987,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -2996,7 +2999,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3006,11 +3009,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3035,7 +3038,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3052,7 +3055,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3073,7 +3076,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3090,7 +3093,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3111,7 +3114,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3121,7 +3124,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3129,7 +3132,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3159,7 +3162,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3169,11 +3172,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3201,7 +3204,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3218,7 +3221,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3239,7 +3242,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3256,7 +3259,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3277,7 +3280,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3287,7 +3290,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3295,7 +3298,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3334,7 +3337,7 @@ spec: gceSDConfigs: description: "GCESDConfigs defines a list of GCE service discovery configurations." items: - description: "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//." + description: "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//." properties: filter: description: "Filter can be used optionally to filter the instance list by other criteria\nSyntax of this filter is described in the filter query parameter section:\nhttps://cloud.google.com/compute/docs/reference/latest/instances/list" @@ -3378,7 +3381,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3388,7 +3391,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -3402,7 +3405,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3419,7 +3422,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3436,7 +3439,7 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `basic_auth` or `authorization`." @@ -3452,7 +3455,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3469,7 +3472,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3487,7 +3490,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3502,7 +3505,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3514,7 +3517,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3524,11 +3527,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3553,7 +3556,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3570,7 +3573,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3591,7 +3594,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3608,7 +3611,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3629,7 +3632,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3639,7 +3642,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3647,7 +3650,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3680,7 +3683,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3690,11 +3693,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3726,7 +3729,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3743,7 +3746,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3764,7 +3767,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3781,7 +3784,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3802,7 +3805,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3812,7 +3815,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3820,7 +3823,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3857,7 +3860,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3867,7 +3870,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -3881,7 +3884,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3898,7 +3901,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3909,7 +3912,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3921,7 +3924,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3931,11 +3934,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3959,7 +3962,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3976,7 +3979,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3997,7 +4000,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4014,7 +4017,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4035,7 +4038,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4045,7 +4048,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4053,7 +4056,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4074,11 +4077,11 @@ spec: type: "object" type: "array" jobName: - description: "The value of the `job` label assigned to the scraped metrics by default.\n\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs." + description: "The value of the `job` label assigned to the scraped metrics by default.\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs." minLength: 1 type: "string" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" kubernetesSDConfigs: @@ -4108,7 +4111,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4118,7 +4121,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -4132,7 +4135,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4149,7 +4152,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4179,7 +4182,7 @@ spec: type: "boolean" type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." @@ -4195,7 +4198,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4212,7 +4215,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4230,7 +4233,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4245,7 +4248,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -4257,7 +4260,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4267,11 +4270,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4296,7 +4299,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4313,7 +4316,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4334,7 +4337,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4351,7 +4354,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4372,7 +4375,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4382,7 +4385,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4390,7 +4393,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4420,7 +4423,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4430,11 +4433,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4494,7 +4497,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4511,7 +4514,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4532,7 +4535,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4549,7 +4552,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4570,7 +4573,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4580,7 +4583,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4588,7 +4591,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4619,7 +4622,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4629,7 +4632,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -4643,7 +4646,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4660,7 +4663,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4684,7 +4687,7 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." @@ -4700,7 +4703,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4717,7 +4720,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4735,7 +4738,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4750,7 +4753,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -4762,7 +4765,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4772,11 +4775,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4801,7 +4804,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4818,7 +4821,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4839,7 +4842,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4856,7 +4859,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4877,7 +4880,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4887,7 +4890,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4895,7 +4898,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4925,7 +4928,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4935,11 +4938,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4967,7 +4970,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4984,7 +4987,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5005,7 +5008,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5022,7 +5025,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5043,7 +5046,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5053,7 +5056,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5061,7 +5064,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5091,7 +5094,7 @@ spec: lightSailSDConfigs: description: "LightsailSDConfigs defines a list of Lightsail service discovery configurations." items: - description: "LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config\nTODO: Need to document that we will not be supporting the `_file` fields." + description: "LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config" properties: accessKey: description: "AccessKey is the AWS API key." @@ -5101,7 +5104,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5121,7 +5124,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5131,7 +5134,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -5145,7 +5148,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5162,7 +5165,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5183,7 +5186,7 @@ spec: description: "Configure whether the HTTP requests should follow HTTP 3xx redirects." type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`." @@ -5199,7 +5202,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5216,7 +5219,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5234,7 +5237,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5249,7 +5252,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -5261,7 +5264,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5271,11 +5274,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5300,7 +5303,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5317,7 +5320,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5338,7 +5341,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5355,7 +5358,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5376,7 +5379,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5386,7 +5389,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5394,7 +5397,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5430,7 +5433,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5440,11 +5443,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5469,7 +5472,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5492,7 +5495,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5509,7 +5512,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5530,7 +5533,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5547,7 +5550,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5568,7 +5571,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5578,7 +5581,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5586,7 +5589,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5615,7 +5618,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5625,7 +5628,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" enableHTTP2: @@ -5635,7 +5638,7 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `authorization`." @@ -5651,7 +5654,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5668,7 +5671,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5686,7 +5689,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5701,7 +5704,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -5713,7 +5716,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5723,11 +5726,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5752,7 +5755,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5769,7 +5772,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5790,7 +5793,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5807,7 +5810,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5828,7 +5831,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5838,7 +5841,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5846,7 +5849,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5882,7 +5885,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5892,11 +5895,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5928,7 +5931,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5945,7 +5948,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5966,7 +5969,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5983,7 +5986,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6004,7 +6007,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6014,7 +6017,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6022,7 +6025,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6038,11 +6041,11 @@ spec: metricRelabelings: description: "MetricRelabelConfigs to apply to samples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -6068,14 +6071,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -6088,7 +6091,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -6096,7 +6099,7 @@ spec: description: "MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics)." type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "OAuth2 client credentials used to fetch a token for the targets." @@ -6112,7 +6115,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6129,7 +6132,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6147,7 +6150,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6162,7 +6165,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -6174,7 +6177,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6184,11 +6187,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -6213,7 +6216,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6230,7 +6233,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6251,7 +6254,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6268,7 +6271,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6289,7 +6292,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6299,7 +6302,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6307,7 +6310,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6349,7 +6352,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6385,7 +6388,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6433,7 +6436,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6450,7 +6453,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6471,7 +6474,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6488,7 +6491,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6509,7 +6512,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6519,7 +6522,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6527,7 +6530,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6566,7 +6569,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6583,7 +6586,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6635,7 +6638,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6645,11 +6648,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -6671,7 +6674,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6681,7 +6684,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -6695,7 +6698,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6712,7 +6715,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6732,7 +6735,7 @@ spec: description: "Whether to include the parameters as meta labels.\nNote: Enabling this exposes parameters in the Prometheus UI and API. Make sure\nthat you don't have secrets exposed as parameters if you enable this." type: "boolean" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: description: "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`." @@ -6748,7 +6751,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6765,7 +6768,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6783,7 +6786,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6798,7 +6801,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -6810,7 +6813,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6820,11 +6823,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -6849,7 +6852,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6866,7 +6869,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6887,7 +6890,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6904,7 +6907,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6925,7 +6928,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6935,7 +6938,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6943,7 +6946,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6979,7 +6982,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6989,11 +6992,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -7021,7 +7024,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7038,7 +7041,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7059,7 +7062,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7076,7 +7079,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7097,7 +7100,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7107,7 +7110,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -7115,7 +7118,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -7139,11 +7142,11 @@ spec: relabelings: description: "RelabelConfigs defines how to rewrite the target's labels before scraping.\nPrometheus Operator automatically adds relabelings for a few standard Kubernetes fields.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -7169,14 +7172,14 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." @@ -7189,7 +7192,7 @@ spec: type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -7200,7 +7203,7 @@ spec: scalewaySDConfigs: description: "ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations." items: - description: "ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config\nTODO: Need to document that we will not be supporting the `_file` fields." + description: "ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config" properties: accessKey: description: "Access key to use. https://console.scaleway.com/project/credentials" @@ -7221,7 +7224,7 @@ spec: minLength: 1 type: "string" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" port: description: "The port to scrape metrics from." @@ -7243,7 +7246,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7253,11 +7256,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -7281,7 +7284,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7310,7 +7313,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7327,7 +7330,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7348,7 +7351,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7365,7 +7368,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7386,7 +7389,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7396,7 +7399,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -7404,7 +7407,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -7441,7 +7444,7 @@ spec: pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" scrapeProtocols: - description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." + description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: @@ -7493,7 +7496,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7510,7 +7513,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7531,7 +7534,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -7548,7 +7551,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7569,7 +7572,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7579,7 +7582,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -7587,7 +7590,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml index e3aae1b39..e9625e03c 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "alertmanagerconfigs.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -20,7 +20,7 @@ spec: - name: "v1beta1" schema: openAPIV3Schema: - description: "The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.\n\n\n`Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors." + description: "The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.\n\n`Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors." properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -111,7 +111,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -134,7 +134,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -144,7 +144,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -158,7 +158,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -175,7 +175,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -217,7 +217,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -234,7 +234,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -252,7 +252,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -267,7 +267,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -279,7 +279,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -289,11 +289,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -318,7 +318,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -335,7 +335,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -356,7 +356,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -373,7 +373,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -394,7 +394,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -404,7 +404,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -412,7 +412,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -449,7 +449,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -466,7 +466,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -487,7 +487,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -504,7 +504,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -525,7 +525,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -535,7 +535,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -543,7 +543,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -564,6 +564,8 @@ spec: title: description: "The template of the message's title." type: "string" + required: + - "apiURL" type: "object" type: "array" emailConfigs: @@ -659,7 +661,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -676,7 +678,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -697,7 +699,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -714,7 +716,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -735,7 +737,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -745,7 +747,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -753,7 +755,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -788,7 +790,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -798,7 +800,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -812,7 +814,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -829,7 +831,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -871,7 +873,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -888,7 +890,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -906,7 +908,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -921,7 +923,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -933,7 +935,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -943,11 +945,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -972,7 +974,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -989,7 +991,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1010,7 +1012,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1027,7 +1029,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1048,7 +1050,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1058,7 +1060,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1066,7 +1068,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1103,7 +1105,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1120,7 +1122,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1141,7 +1143,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1158,7 +1160,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1179,7 +1181,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1189,7 +1191,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1197,7 +1199,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1229,7 +1231,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1309,7 +1311,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1319,7 +1321,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -1333,7 +1335,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1350,7 +1352,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1392,7 +1394,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1409,7 +1411,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1427,7 +1429,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1442,7 +1444,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -1454,7 +1456,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1464,11 +1466,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -1493,7 +1495,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1510,7 +1512,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1531,7 +1533,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1548,7 +1550,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1569,7 +1571,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1579,7 +1581,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1587,7 +1589,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1624,7 +1626,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1641,7 +1643,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1662,7 +1664,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1679,7 +1681,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1700,7 +1702,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1710,7 +1712,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -1718,7 +1720,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -1832,7 +1834,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1842,7 +1844,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -1856,7 +1858,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1873,7 +1875,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1915,7 +1917,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1932,7 +1934,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1950,7 +1952,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1965,7 +1967,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -1977,7 +1979,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1987,11 +1989,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -2016,7 +2018,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2033,7 +2035,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2054,7 +2056,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2071,7 +2073,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2092,7 +2094,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2102,7 +2104,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2110,7 +2112,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2147,7 +2149,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2164,7 +2166,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2185,7 +2187,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2202,7 +2204,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2223,7 +2225,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2233,7 +2235,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2241,7 +2243,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2355,7 +2357,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2365,7 +2367,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -2379,7 +2381,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2396,7 +2398,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2438,7 +2440,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2455,7 +2457,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2473,7 +2475,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2488,7 +2490,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -2500,7 +2502,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2510,11 +2512,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -2539,7 +2541,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2556,7 +2558,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2577,7 +2579,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2594,7 +2596,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2615,7 +2617,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2625,7 +2627,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2633,7 +2635,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2670,7 +2672,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2687,7 +2689,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2708,7 +2710,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2725,7 +2727,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2746,7 +2748,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2756,7 +2758,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -2764,7 +2766,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -2945,7 +2947,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2955,7 +2957,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -2969,7 +2971,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2986,7 +2988,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3028,7 +3030,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3045,7 +3047,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3063,7 +3065,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3078,7 +3080,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3090,7 +3092,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3100,11 +3102,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3129,7 +3131,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3146,7 +3148,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3167,7 +3169,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3184,7 +3186,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3205,7 +3207,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3215,7 +3217,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3223,7 +3225,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3260,7 +3262,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3277,7 +3279,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3298,7 +3300,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3315,7 +3317,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3336,7 +3338,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3346,7 +3348,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3354,7 +3356,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3424,7 +3426,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3434,7 +3436,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -3448,7 +3450,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3465,7 +3467,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3507,7 +3509,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3524,7 +3526,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3542,7 +3544,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3557,7 +3559,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -3569,7 +3571,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3579,11 +3581,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -3608,7 +3610,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3625,7 +3627,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3646,7 +3648,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3663,7 +3665,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3684,7 +3686,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3694,7 +3696,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3702,7 +3704,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3739,7 +3741,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3756,7 +3758,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3777,7 +3779,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3794,7 +3796,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3815,7 +3817,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3825,7 +3827,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -3833,7 +3835,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -3865,7 +3867,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3891,7 +3893,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3921,7 +3923,7 @@ spec: description: "The Telegram API URL i.e. https://api.telegram.org.\nIf not specified, default API URL will be used." type: "string" botToken: - description: "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\n\nEither `botToken` or `botTokenFile` is required." + description: "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -3936,7 +3938,7 @@ spec: - "name" type: "object" botTokenFile: - description: "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\n\nIt requires Alertmanager >= v0.26.0." + description: "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0." type: "string" chatID: description: "The Telegram chat ID." @@ -3959,7 +3961,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3969,7 +3971,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -3983,7 +3985,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4000,7 +4002,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4042,7 +4044,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4059,7 +4061,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4077,7 +4079,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4092,7 +4094,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -4104,7 +4106,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4114,11 +4116,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4143,7 +4145,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4160,7 +4162,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4181,7 +4183,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4198,7 +4200,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4219,7 +4221,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4229,7 +4231,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4237,7 +4239,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4274,7 +4276,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4291,7 +4293,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4312,7 +4314,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4329,7 +4331,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4350,7 +4352,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4360,7 +4362,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4368,7 +4370,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4393,6 +4395,8 @@ spec: sendResolved: description: "Whether to notify about resolved alerts." type: "boolean" + required: + - "chatID" type: "object" type: "array" victoropsConfigs: @@ -4452,7 +4456,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4462,7 +4466,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -4476,7 +4480,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4493,7 +4497,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4535,7 +4539,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4552,7 +4556,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4570,7 +4574,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4585,7 +4589,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -4597,7 +4601,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4607,11 +4611,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -4636,7 +4640,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4653,7 +4657,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4674,7 +4678,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4691,7 +4695,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4712,7 +4716,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4722,7 +4726,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4730,7 +4734,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4767,7 +4771,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4784,7 +4788,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4805,7 +4809,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4822,7 +4826,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4843,7 +4847,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4853,7 +4857,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -4861,7 +4865,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -4913,7 +4917,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4923,7 +4927,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -4937,7 +4941,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4954,7 +4958,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4996,7 +5000,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5013,7 +5017,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5031,7 +5035,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5046,7 +5050,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -5058,7 +5062,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5068,11 +5072,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5097,7 +5101,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5114,7 +5118,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5135,7 +5139,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5152,7 +5156,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5173,7 +5177,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5183,7 +5187,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5191,7 +5195,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5228,7 +5232,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5245,7 +5249,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5266,7 +5270,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5283,7 +5287,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5304,7 +5308,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5314,7 +5318,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5322,7 +5326,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5367,7 +5371,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5377,7 +5381,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -5391,7 +5395,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5408,7 +5412,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5450,7 +5454,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5467,7 +5471,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5485,7 +5489,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5500,7 +5504,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -5512,7 +5516,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5522,11 +5526,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -5551,7 +5555,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5568,7 +5572,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5589,7 +5593,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5606,7 +5610,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5627,7 +5631,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5637,7 +5641,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5645,7 +5649,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5682,7 +5686,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5699,7 +5703,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5720,7 +5724,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5737,7 +5741,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5758,7 +5762,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5768,7 +5772,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -5776,7 +5780,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -5858,7 +5862,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5868,7 +5872,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: @@ -5882,7 +5886,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5899,7 +5903,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5941,7 +5945,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5958,7 +5962,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5976,7 +5980,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5991,7 +5995,7 @@ spec: description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" proxyConnectHeader: additionalProperties: @@ -6003,7 +6007,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6013,11 +6017,11 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." type: "object" x-kubernetes-map-type: "atomic" proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." type: "boolean" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." @@ -6042,7 +6046,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6059,7 +6063,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6080,7 +6084,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6097,7 +6101,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6118,7 +6122,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6128,7 +6132,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6136,7 +6140,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6173,7 +6177,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6190,7 +6194,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6211,7 +6215,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6228,7 +6232,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6249,7 +6253,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6259,7 +6263,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" maxVersion: - description: "Maximum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.41.0." + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." enum: - "TLS10" - "TLS11" @@ -6267,7 +6271,7 @@ spec: - "TLS13" type: "string" minVersion: - description: "Minimum acceptable TLS version.\n\n\nIt requires Prometheus >= v2.35.0." + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." enum: - "TLS10" - "TLS11" @@ -6430,6 +6434,8 @@ spec: type: "array" type: "object" type: "array" + required: + - "name" type: "object" type: "array" type: "object" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpoolradosnamespaces.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpoolradosnamespaces.yaml index 4404ed3e9..f18778ac3 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpoolradosnamespaces.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpoolradosnamespaces.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephblockpoolradosnamespaces.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml index be0c5022a..16bb9ca23 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephblockpools.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephbucketnotifications.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephbucketnotifications.yaml index b3de60af8..dc39001eb 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephbucketnotifications.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephbucketnotifications.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephbucketnotifications.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephbuckettopics.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephbuckettopics.yaml index f850d999a..08eef3c84 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephbuckettopics.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephbuckettopics.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephbuckettopics.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclients.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclients.yaml index 282a2856f..cf774711a 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclients.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclients.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephclients.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml index 35e89185b..b7d5121c0 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephclusters.ceph.rook.io" spec: group: "ceph.rook.io" @@ -313,7 +313,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -426,7 +427,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -738,7 +740,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -880,7 +882,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -1029,7 +1031,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -1076,7 +1078,7 @@ spec: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" @@ -1129,14 +1131,14 @@ spec: cluster: description: "Cluster defines a list of CIDRs to use for Ceph cluster network communication." items: - description: "An IPv4 or IPv6 network CIDR.\n\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." + description: "An IPv4 or IPv6 network CIDR.\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." pattern: "^[0-9a-fA-F:.]{2,}\\/[0-9]{1,3}$" type: "string" type: "array" public: description: "Public defines a list of CIDRs to use for Ceph public network communication." items: - description: "An IPv4 or IPv6 network CIDR.\n\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." + description: "An IPv4 or IPv6 network CIDR.\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code." pattern: "^[0-9a-fA-F:.]{2,}\\/[0-9]{1,3}$" type: "string" type: "array" @@ -1202,7 +1204,7 @@ spec: selectors: additionalProperties: type: "string" - description: "Selectors define NetworkAttachmentDefinitions to be used for Ceph public and/or cluster\nnetworks when the \"multus\" network provider is used. This config section is not used for\nother network providers.\n\n\nValid keys are \"public\" and \"cluster\". Refer to Ceph networking documentation for more:\nhttps://docs.ceph.com/en/reef/rados/configuration/network-config-ref/\n\n\nRefer to Multus network annotation documentation for help selecting values:\nhttps://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation\n\n\nRook will make a best-effort attempt to automatically detect CIDR address ranges for given\nnetwork attachment definitions. Rook's methods are robust but may be imprecise for\nsufficiently complicated networks. Rook's auto-detection process obtains a new IP address\nlease for each CephCluster reconcile. If Rook fails to detect, incorrectly detects, only\npartially detects, or if underlying networks do not support reusing old IP addresses, it is\nbest to use the 'addressRanges' config section to specify CIDR ranges for the Ceph cluster.\n\n\nAs a contrived example, one can use a theoretical Kubernetes-wide network for Ceph client\ntraffic and a theoretical Rook-only network for Ceph replication traffic as shown:\n selectors:\n public: \"default/cluster-fast-net\"\n cluster: \"rook-ceph/ceph-backend-net\"" + description: "Selectors define NetworkAttachmentDefinitions to be used for Ceph public and/or cluster\nnetworks when the \"multus\" network provider is used. This config section is not used for\nother network providers.\n\nValid keys are \"public\" and \"cluster\". Refer to Ceph networking documentation for more:\nhttps://docs.ceph.com/en/reef/rados/configuration/network-config-ref/\n\nRefer to Multus network annotation documentation for help selecting values:\nhttps://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation\n\nRook will make a best-effort attempt to automatically detect CIDR address ranges for given\nnetwork attachment definitions. Rook's methods are robust but may be imprecise for\nsufficiently complicated networks. Rook's auto-detection process obtains a new IP address\nlease for each CephCluster reconcile. If Rook fails to detect, incorrectly detects, only\npartially detects, or if underlying networks do not support reusing old IP addresses, it is\nbest to use the 'addressRanges' config section to specify CIDR ranges for the Ceph cluster.\n\nAs a contrived example, one can use a theoretical Kubernetes-wide network for Ceph client\ntraffic and a theoretical Rook-only network for Ceph replication traffic as shown:\n selectors:\n public: \"default/cluster-fast-net\"\n cluster: \"rook-ceph/ceph-backend-net\"" nullable: true type: "object" type: "object" @@ -1740,13 +1742,16 @@ spec: description: "ResourceRequirements describes the compute resource requirements." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1819,6 +1824,9 @@ spec: allowDeviceClassUpdate: description: "Whether to allow updating the device class after the OSD is initially provisioned" type: "boolean" + allowOsdCrushWeightUpdate: + description: "Whether Rook will resize the OSD CRUSH weight when the OSD PVC size is increased.\nThis allows cluster data to be rebalanced to make most effective use of new OSD space.\nThe default is false since data rebalancing can cause temporary cluster slowdown." + type: "boolean" backfillFullRatio: description: "BackfillFullRatio is the ratio at which the cluster is too full for backfill. Backfill will be disabled if above this threshold. Default is 0.90." maximum: 1.0 @@ -1913,13 +1921,16 @@ spec: nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2079,7 +2090,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3146,13 +3157,16 @@ spec: nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3319,7 +3333,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3485,7 +3499,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephcosidrivers.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephcosidrivers.yaml index b0b34b6c5..9a95417e5 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephcosidrivers.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephcosidrivers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephcosidrivers.ceph.rook.io" spec: group: "ceph.rook.io" @@ -557,13 +557,16 @@ spec: description: "Resources is the resource requirements for the COSI driver" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemmirrors.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemmirrors.yaml index fa347df89..1c45752e7 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemmirrors.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemmirrors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephfilesystemmirrors.ceph.rook.io" spec: group: "ceph.rook.io" @@ -566,13 +566,16 @@ spec: nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml index 78eb20699..cfa040a13 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephfilesystems.ceph.rook.io" spec: group: "ceph.rook.io" @@ -441,7 +441,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1039,13 +1040,16 @@ spec: nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1104,7 +1108,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemsubvolumegroups.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemsubvolumegroups.yaml index 5a8bef89f..67f15ff3c 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemsubvolumegroups.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystemsubvolumegroups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephfilesystemsubvolumegroups.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml index 55f7b46d2..61b1fd1aa 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephnfses.ceph.rook.io" spec: group: "ceph.rook.io" @@ -51,7 +51,7 @@ spec: nullable: true properties: configFiles: - description: "ConfigFiles defines where the Kerberos configuration should be sourced from. Config files\nwill be placed into the `/etc/krb5.conf.rook/` directory.\n\n\nIf this is left empty, Rook will not add any files. This allows you to manage the files\nyourself however you wish. For example, you may build them into your custom Ceph container\nimage or use the Vault agent injector to securely add the files via annotations on the\nCephNFS spec (passed to the NFS server pods).\n\n\nRook configures Kerberos to log to stderr. We suggest removing logging sections from config\nfiles to avoid consuming unnecessary disk space from logging to files." + description: "ConfigFiles defines where the Kerberos configuration should be sourced from. Config files\nwill be placed into the `/etc/krb5.conf.rook/` directory.\n\nIf this is left empty, Rook will not add any files. This allows you to manage the files\nyourself however you wish. For example, you may build them into your custom Ceph container\nimage or use the Vault agent injector to securely add the files via annotations on the\nCephNFS spec (passed to the NFS server pods).\n\nRook configures Kerberos to log to stderr. We suggest removing logging sections from config\nfiles to avoid consuming unnecessary disk space from logging to files." properties: volumeSource: properties: @@ -824,13 +824,16 @@ spec: description: "Resources allow specifying resource requests/limits on the SSSD sidecar container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1162,7 +1165,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1763,13 +1767,16 @@ spec: nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectrealms.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectrealms.yaml index 96b11ec9d..48b373d53 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectrealms.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectrealms.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephobjectrealms.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml index 3fe005d77..72bb8bad2 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephobjectstores.ceph.rook.io" spec: group: "ceph.rook.io" @@ -829,13 +829,16 @@ spec: nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -920,7 +923,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1031,7 +1035,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstoreusers.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstoreusers.yaml index d9321c35d..926c7e2bc 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstoreusers.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstoreusers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephobjectstoreusers.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzonegroups.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzonegroups.yaml index 37063d0b4..0922af365 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzonegroups.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzonegroups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephobjectzonegroups.ceph.rook.io" spec: group: "ceph.rook.io" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml index ea91576fe..1e269a1a3 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephobjectzones.ceph.rook.io" spec: group: "ceph.rook.io" @@ -37,7 +37,7 @@ spec: description: "ObjectZoneSpec represent the spec of an ObjectZone" properties: customEndpoints: - description: "If this zone cannot be accessed from other peer Ceph clusters via the ClusterIP Service\nendpoint created by Rook, you must set this to the externally reachable endpoint(s). You may\ninclude the port in the definition. For example: \"https://my-object-store.my-domain.net:443\".\nIn many cases, you should set this to the endpoint of the ingress resource that makes the\nCephObjectStore associated with this CephObjectStoreZone reachable to peer clusters.\nThe list can have one or more endpoints pointing to different RGW servers in the zone.\n\n\nIf a CephObjectStore endpoint is omitted from this list, that object store's gateways will\nnot receive multisite replication data\n(see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic)." + description: "If this zone cannot be accessed from other peer Ceph clusters via the ClusterIP Service\nendpoint created by Rook, you must set this to the externally reachable endpoint(s). You may\ninclude the port in the definition. For example: \"https://my-object-store.my-domain.net:443\".\nIn many cases, you should set this to the endpoint of the ingress resource that makes the\nCephObjectStore associated with this CephObjectStoreZone reachable to peer clusters.\nThe list can have one or more endpoints pointing to different RGW servers in the zone.\n\nIf a CephObjectStore endpoint is omitted from this list, that object store's gateways will\nnot receive multisite replication data\n(see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic)." items: type: "string" nullable: true diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephrbdmirrors.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephrbdmirrors.yaml index aa2a39df6..f5ac14023 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephrbdmirrors.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephrbdmirrors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "cephrbdmirrors.ceph.rook.io" spec: group: "ceph.rook.io" @@ -583,13 +583,16 @@ spec: nullable: true properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" diff --git a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml index f6244c7e9..bfb0a0933 100644 --- a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml +++ b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml @@ -174,7 +174,7 @@ spec: type: "object" type: "array" cpuset: - description: "cpuset determines if the cluster will use cpu-pinning for max performance." + description: "cpuset determines if the cluster will use cpu-pinning. Deprecated: `cpuset` is deprecated and may be ignored in the future." type: "boolean" datacenter: description: "datacenter holds a specification of a datacenter." diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml index e5c3daa6c..72a7359ac 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml @@ -543,6 +543,9 @@ spec: type: "string" validationWebhookTlsKey: type: "string" + warnMissingTlsSecret: + nullable: true + type: "boolean" warnRouteShortCircuiting: nullable: true type: "boolean" diff --git a/crd-catalog/wildfly/wildfly-operator/wildfly.org/v1alpha1/wildflyservers.yaml b/crd-catalog/wildfly/wildfly-operator/wildfly.org/v1alpha1/wildflyservers.yaml index 8cd7b6e86..c79edf9a0 100644 --- a/crd-catalog/wildfly/wildfly-operator/wildfly.org/v1alpha1/wildflyservers.yaml +++ b/crd-catalog/wildfly/wildfly-operator/wildfly.org/v1alpha1/wildflyservers.yaml @@ -206,7 +206,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -281,7 +281,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -493,7 +493,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" diff --git a/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml b/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml index 8212116d3..a618fa1e2 100644 --- a/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml +++ b/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/operatorconfigurations.yaml @@ -52,7 +52,6 @@ spec: additional_secret_mount: type: "string" additional_secret_mount_path: - default: "/meta/credentials" type: "string" aws_region: default: "eu-central-1" @@ -429,7 +428,7 @@ spec: logical_backup_cronjob_environment_secret: type: "string" logical_backup_docker_image: - default: "ghcr.io/zalando/postgres-operator/logical-backup:v1.12.2" + default: "ghcr.io/zalando/postgres-operator/logical-backup:v1.13.0" type: "string" logical_backup_google_application_credentials: type: "string" @@ -473,7 +472,7 @@ spec: major_version_upgrade: properties: major_version_upgrade_mode: - default: "off" + default: "manual" type: "string" major_version_upgrade_team_allow_list: items: diff --git a/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/postgresqls.yaml b/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/postgresqls.yaml index 6f2242194..b9a0f7d17 100644 --- a/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/postgresqls.yaml +++ b/crd-catalog/zalando/postgres-operator/acid.zalan.do/v1/postgresqls.yaml @@ -205,7 +205,7 @@ spec: type: "string" maintenanceWindows: items: - pattern: "^\\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\\d):([0-5]?\\d)|(2[0-3]|[01]?\\d):([0-5]?\\d))-((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\\d):([0-5]?\\d)|(2[0-3]|[01]?\\d):([0-5]?\\d))\\ *$" + pattern: "^\\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\\d):([0-5]?\\d)|(2[0-3]|[01]?\\d):([0-5]?\\d))-((2[0-3]|[01]?\\d):([0-5]?\\d)|(2[0-3]|[01]?\\d):([0-5]?\\d))\\ *$" type: "string" type: "array" masterServiceAnnotations: diff --git a/kube-custom-resources-rs/src/acme_cert_manager_io/v1/challenges.rs b/kube-custom-resources-rs/src/acme_cert_manager_io/v1/challenges.rs index eaa713d5f..600c99ed4 100644 --- a/kube-custom-resources-rs/src/acme_cert_manager_io/v1/challenges.rs +++ b/kube-custom-resources-rs/src/acme_cert_manager_io/v1/challenges.rs @@ -628,15 +628,12 @@ pub struct ChallengeSolverHttp01GatewayHttpRoute { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -646,45 +643,37 @@ pub struct ChallengeSolverHttp01GatewayHttpRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: /// Gateway has the AllowedRoutes field, and ReferenceGrant provides a /// generic way to enable any other kind of cross-namespace reference. /// - /// /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -692,14 +681,12 @@ pub struct ChallengeSolverHttp01GatewayHttpRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -708,19 +695,16 @@ pub struct ChallengeSolverHttp01GatewayHttpRouteParentRefs { /// and SectionName are specified, the name and port of the selected listener /// must match both specified values. /// - /// /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -729,14 +713,12 @@ pub struct ChallengeSolverHttp01GatewayHttpRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -744,12 +726,10 @@ pub struct ChallengeSolverHttp01GatewayHttpRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -759,7 +739,6 @@ pub struct ChallengeSolverHttp01GatewayHttpRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "sectionName")] pub section_name: Option, @@ -1032,7 +1011,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1043,7 +1022,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1153,7 +1132,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1164,7 +1143,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1305,7 +1284,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1316,7 +1295,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1426,7 +1405,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1437,7 +1416,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1535,9 +1514,7 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecImagePullSecrets /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1549,12 +1526,10 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -1655,7 +1630,6 @@ pub struct ChallengeSolverHttp01GatewayHttpRoutePodTemplateSpecSecurityContextSe /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2035,7 +2009,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferr /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2046,7 +2020,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferr /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2156,7 +2130,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequire /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2167,7 +2141,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequire /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2308,7 +2282,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPre /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2319,7 +2293,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPre /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2429,7 +2403,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityReq /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2440,7 +2414,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityReq /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2538,9 +2512,7 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2552,12 +2524,10 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -2658,7 +2628,6 @@ pub struct ChallengeSolverHttp01IngressPodTemplateSpecSecurityContextSeccompProf /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs index 61e0a8114..4ae17d0e9 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs @@ -707,6 +707,14 @@ pub struct ComponentDefinitionLifecycleActions { /// and other administrative tasks. /// /// + /// The container executing this action has access to following variables: + /// + /// + /// - KB_ACCOUNT_NAME: The name of the system account to be created. + /// - KB_ACCOUNT_PASSWORD: The password for the system account. // TODO: how to pass the password securely? + /// - KB_ACCOUNT_STATEMENT: The statement used to create the system account. + /// + /// /// Note: This field is immutable once it has been set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accountProvision")] pub account_provision: Option, @@ -840,34 +848,6 @@ pub struct ComponentDefinitionLifecycleActions { /// The PostProvision Action is intended to run only once. /// /// - /// The container executing this action has access to following environment variables: - /// - /// - /// - KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., "podIp1,podIp2"). - /// - KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., "pod1,pod2"). - /// - KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in - /// KB_CLUSTER_POD_NAME_LIST (e.g., "hostName1,hostName2"). - /// - KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in - /// KB_CLUSTER_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). - /// - /// - /// - KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component - /// (e.g., "pod1,pod2"). - /// - KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses, - /// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "podIp1,podIp2"). - /// - KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod, - /// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostName1,hostName2"). - /// - KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod, - /// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). - /// - /// - /// - KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., "comp1,comp2"). - /// - KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted - /// (e.g., "comp1,comp2"). - /// - KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted - /// (e.g., "comp1,comp2"). - /// - /// /// Note: This field is immutable once it has been set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "postProvision")] pub post_provision: Option, @@ -882,41 +862,6 @@ pub struct ComponentDefinitionLifecycleActions { /// until the PreTerminate action has completed successfully. /// /// - /// The container executing this action has access to following environment variables: - /// - /// - /// - KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., "podIp1,podIp2"). - /// - KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., "pod1,pod2"). - /// - KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in - /// KB_CLUSTER_POD_NAME_LIST (e.g., "hostName1,hostName2"). - /// - KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in - /// KB_CLUSTER_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). - /// - /// - /// - KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component - /// (e.g., "pod1,pod2"). - /// - KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses, - /// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "podIp1,podIp2"). - /// - KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod, - /// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostName1,hostName2"). - /// - KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod, - /// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). - /// - /// - /// - KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., "comp1,comp2"). - /// - KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted - /// (e.g., "comp1,comp2"). - /// - KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted - /// (e.g., "comp1,comp2"). - /// - /// - /// - KB_CLUSTER_COMPONENT_IS_SCALING_IN: Indicates whether the component is currently scaling in. - /// If this variable is present and set to "true", it denotes that the component is undergoing a scale-in operation. - /// During scale-in, data rebalancing is necessary to maintain cluster integrity. - /// Contrast this with a cluster deletion scenario where data rebalancing is not required as the entire cluster - /// is being cleaned up. - /// - /// /// Note: This field is immutable once it has been set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preTerminate")] pub pre_terminate: Option, @@ -1008,12 +953,9 @@ pub struct ComponentDefinitionLifecycleActions { /// involving the current leader node. /// /// - /// The container executing this action has access to following environment variables: + /// The container executing this action has access to following variables: /// /// - /// - KB_LEADER_POD_IP: The IP address of the current leader's pod prior to the switchover. - /// - KB_LEADER_POD_NAME: The name of the current leader's pod prior to the switchover. - /// - KB_LEADER_POD_FQDN: The FQDN of the current leader's pod prior to the switchover. /// - KB_SWITCHOVER_CANDIDATE_NAME: The name of the pod for the new leader candidate, which may not be specified (empty). /// - KB_SWITCHOVER_CANDIDATE_FQDN: The FQDN of the new leader candidate's pod, which may not be specified (empty). /// @@ -1031,6 +973,14 @@ pub struct ComponentDefinitionLifecycleActions { /// and other administrative tasks. /// /// +/// The container executing this action has access to following variables: +/// +/// +/// - KB_ACCOUNT_NAME: The name of the system account to be created. +/// - KB_ACCOUNT_PASSWORD: The password for the system account. // TODO: how to pass the password securely? +/// - KB_ACCOUNT_STATEMENT: The statement used to create the system account. +/// +/// /// Note: This field is immutable once it has been set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionLifecycleActionsAccountProvision { @@ -1099,18 +1049,20 @@ pub struct ComponentDefinitionLifecycleActionsAccountProvisionExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// /// + /// - volume mounts /// - /// Note: This field is reserved for future use and is not currently active. + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -1124,7 +1076,7 @@ pub struct ComponentDefinitionLifecycleActionsAccountProvisionExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -1140,9 +1092,6 @@ pub struct ComponentDefinitionLifecycleActionsAccountProvisionExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -1150,10 +1099,12 @@ pub struct ComponentDefinitionLifecycleActionsAccountProvisionExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -1372,18 +1323,20 @@ pub struct ComponentDefinitionLifecycleActionsDataDumpExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// /// + /// - volume mounts /// - /// Note: This field is reserved for future use and is not currently active. + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -1397,7 +1350,7 @@ pub struct ComponentDefinitionLifecycleActionsDataDumpExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -1413,9 +1366,6 @@ pub struct ComponentDefinitionLifecycleActionsDataDumpExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -1423,10 +1373,12 @@ pub struct ComponentDefinitionLifecycleActionsDataDumpExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -1644,18 +1596,20 @@ pub struct ComponentDefinitionLifecycleActionsDataLoadExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// /// + /// - volume mounts /// - /// Note: This field is reserved for future use and is not currently active. + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -1669,7 +1623,7 @@ pub struct ComponentDefinitionLifecycleActionsDataLoadExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -1685,9 +1639,6 @@ pub struct ComponentDefinitionLifecycleActionsDataLoadExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -1695,10 +1646,12 @@ pub struct ComponentDefinitionLifecycleActionsDataLoadExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -1935,18 +1888,20 @@ pub struct ComponentDefinitionLifecycleActionsMemberJoinExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: /// /// - /// Note: This field is reserved for future use and is not currently active. + /// - volume mounts + /// + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -1960,7 +1915,7 @@ pub struct ComponentDefinitionLifecycleActionsMemberJoinExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -1976,9 +1931,6 @@ pub struct ComponentDefinitionLifecycleActionsMemberJoinExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -1986,10 +1938,12 @@ pub struct ComponentDefinitionLifecycleActionsMemberJoinExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -2226,18 +2180,20 @@ pub struct ComponentDefinitionLifecycleActionsMemberLeaveExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// + /// + /// - volume mounts /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -2251,7 +2207,7 @@ pub struct ComponentDefinitionLifecycleActionsMemberLeaveExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -2267,9 +2223,6 @@ pub struct ComponentDefinitionLifecycleActionsMemberLeaveExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -2277,10 +2230,12 @@ pub struct ComponentDefinitionLifecycleActionsMemberLeaveExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -2424,34 +2379,6 @@ pub struct ComponentDefinitionLifecycleActionsMemberLeaveRetryPolicy { /// The PostProvision Action is intended to run only once. /// /// -/// The container executing this action has access to following environment variables: -/// -/// -/// - KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., "podIp1,podIp2"). -/// - KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., "pod1,pod2"). -/// - KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in -/// KB_CLUSTER_POD_NAME_LIST (e.g., "hostName1,hostName2"). -/// - KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in -/// KB_CLUSTER_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). -/// -/// -/// - KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component -/// (e.g., "pod1,pod2"). -/// - KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses, -/// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "podIp1,podIp2"). -/// - KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod, -/// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostName1,hostName2"). -/// - KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod, -/// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). -/// -/// -/// - KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., "comp1,comp2"). -/// - KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted -/// (e.g., "comp1,comp2"). -/// - KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted -/// (e.g., "comp1,comp2"). -/// -/// /// Note: This field is immutable once it has been set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionLifecycleActionsPostProvision { @@ -2520,18 +2447,20 @@ pub struct ComponentDefinitionLifecycleActionsPostProvisionExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// + /// + /// - volume mounts /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -2545,7 +2474,7 @@ pub struct ComponentDefinitionLifecycleActionsPostProvisionExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -2561,9 +2490,6 @@ pub struct ComponentDefinitionLifecycleActionsPostProvisionExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -2571,10 +2497,12 @@ pub struct ComponentDefinitionLifecycleActionsPostProvisionExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -2718,41 +2646,6 @@ pub struct ComponentDefinitionLifecycleActionsPostProvisionRetryPolicy { /// until the PreTerminate action has completed successfully. /// /// -/// The container executing this action has access to following environment variables: -/// -/// -/// - KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., "podIp1,podIp2"). -/// - KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., "pod1,pod2"). -/// - KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in -/// KB_CLUSTER_POD_NAME_LIST (e.g., "hostName1,hostName2"). -/// - KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in -/// KB_CLUSTER_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). -/// -/// -/// - KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component -/// (e.g., "pod1,pod2"). -/// - KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses, -/// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "podIp1,podIp2"). -/// - KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod, -/// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostName1,hostName2"). -/// - KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod, -/// matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., "hostIp1,hostIp2"). -/// -/// -/// - KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., "comp1,comp2"). -/// - KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted -/// (e.g., "comp1,comp2"). -/// - KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted -/// (e.g., "comp1,comp2"). -/// -/// -/// - KB_CLUSTER_COMPONENT_IS_SCALING_IN: Indicates whether the component is currently scaling in. -/// If this variable is present and set to "true", it denotes that the component is undergoing a scale-in operation. -/// During scale-in, data rebalancing is necessary to maintain cluster integrity. -/// Contrast this with a cluster deletion scenario where data rebalancing is not required as the entire cluster -/// is being cleaned up. -/// -/// /// Note: This field is immutable once it has been set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionLifecycleActionsPreTerminate { @@ -2821,18 +2714,20 @@ pub struct ComponentDefinitionLifecycleActionsPreTerminateExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// + /// + /// - volume mounts /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -2846,7 +2741,7 @@ pub struct ComponentDefinitionLifecycleActionsPreTerminateExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -2862,9 +2757,6 @@ pub struct ComponentDefinitionLifecycleActionsPreTerminateExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -2872,10 +2764,12 @@ pub struct ComponentDefinitionLifecycleActionsPreTerminateExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -3093,18 +2987,20 @@ pub struct ComponentDefinitionLifecycleActionsReadonlyExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// /// + /// - volume mounts /// - /// Note: This field is reserved for future use and is not currently active. + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -3118,7 +3014,7 @@ pub struct ComponentDefinitionLifecycleActionsReadonlyExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -3134,9 +3030,6 @@ pub struct ComponentDefinitionLifecycleActionsReadonlyExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -3144,10 +3037,12 @@ pub struct ComponentDefinitionLifecycleActionsReadonlyExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -3367,18 +3262,20 @@ pub struct ComponentDefinitionLifecycleActionsReadwriteExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: /// /// - /// Note: This field is reserved for future use and is not currently active. + /// - volume mounts + /// + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -3392,7 +3289,7 @@ pub struct ComponentDefinitionLifecycleActionsReadwriteExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -3408,9 +3305,6 @@ pub struct ComponentDefinitionLifecycleActionsReadwriteExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -3418,10 +3312,12 @@ pub struct ComponentDefinitionLifecycleActionsReadwriteExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -3628,18 +3524,20 @@ pub struct ComponentDefinitionLifecycleActionsReconfigureExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: + /// + /// + /// - volume mounts /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -3653,7 +3551,7 @@ pub struct ComponentDefinitionLifecycleActionsReconfigureExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -3669,9 +3567,6 @@ pub struct ComponentDefinitionLifecycleActionsReconfigureExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -3679,10 +3574,12 @@ pub struct ComponentDefinitionLifecycleActionsReconfigureExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -3927,18 +3824,20 @@ pub struct ComponentDefinitionLifecycleActionsRoleProbeExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: /// /// - /// Note: This field is reserved for future use and is not currently active. + /// - volume mounts + /// + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -3952,7 +3851,7 @@ pub struct ComponentDefinitionLifecycleActionsRoleProbeExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -3968,9 +3867,6 @@ pub struct ComponentDefinitionLifecycleActionsRoleProbeExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -3978,10 +3874,12 @@ pub struct ComponentDefinitionLifecycleActionsRoleProbeExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -4120,12 +4018,9 @@ pub struct ComponentDefinitionLifecycleActionsRoleProbeRetryPolicy { /// involving the current leader node. /// /// -/// The container executing this action has access to following environment variables: +/// The container executing this action has access to following variables: /// /// -/// - KB_LEADER_POD_IP: The IP address of the current leader's pod prior to the switchover. -/// - KB_LEADER_POD_NAME: The name of the current leader's pod prior to the switchover. -/// - KB_LEADER_POD_FQDN: The FQDN of the current leader's pod prior to the switchover. /// - KB_SWITCHOVER_CANDIDATE_NAME: The name of the pod for the new leader candidate, which may not be specified (empty). /// - KB_SWITCHOVER_CANDIDATE_FQDN: The FQDN of the new leader candidate's pod, which may not be specified (empty). /// @@ -4198,18 +4093,20 @@ pub struct ComponentDefinitionLifecycleActionsSwitchoverExec { /// A successful execution is indicated by an exit status of 0; any non-zero status signifies a failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Defines the name of the container within the target Pod where the action will be executed. + /// Specifies the name of the container within the same pod whose resources will be shared with the action. + /// This allows the action to utilize the specified container's resources without executing within it. /// /// - /// This name must correspond to one of the containers defined in `componentDefinition.spec.runtime`. - /// If this field is not specified, the default behavior is to use the first container listed in - /// `componentDefinition.spec.runtime`. + /// The name must match one of the containers defined in `componentDefinition.spec.runtime`. /// /// - /// This field cannot be updated. + /// The resources that can be shared are included: /// /// - /// Note: This field is reserved for future use and is not currently active. + /// - volume mounts + /// + /// + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, /// Represents a list of environment variables that will be injected into the container. @@ -4223,7 +4120,7 @@ pub struct ComponentDefinitionLifecycleActionsSwitchoverExec { /// /// /// When specified, a dedicated container will be created using this image to execute the Action. - /// This field is mutually exclusive with the `container` field; only one of them should be provided. + /// All actions with same image will share the same container. /// /// /// This field cannot be updated. @@ -4239,9 +4136,6 @@ pub struct ComponentDefinitionLifecycleActionsSwitchoverExec { /// /// /// This field cannot be updated. - /// - /// - /// Note: This field is reserved for future use and is not currently active. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchingKey")] pub matching_key: Option, /// Defines the criteria used to select the target Pod(s) for executing the Action. @@ -4249,10 +4143,12 @@ pub struct ComponentDefinitionLifecycleActionsSwitchoverExec { /// It allows for precise control over which Pod(s) the Action should run in. /// /// - /// This field cannot be updated. + /// If not specified, the Action will be executed in the pod where the Action is triggered, such as the pod + /// to be removed or added; or a random pod if the Action is triggered at the component level, such as + /// post-provision or pre-terminate of the component. /// /// - /// Note: This field is reserved for future use and is not currently active. + /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPodSelector")] pub target_pod_selector: Option, } @@ -11640,6 +11536,9 @@ pub struct ComponentDefinitionVars { /// Source for the variable's value. Cannot be used if value is not empty. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionVarsValueFrom { + /// Selects a defined var of a Cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterVarRef")] + pub cluster_var_ref: Option, /// Selects a defined var of a Component. #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentVarRef")] pub component_var_ref: Option, @@ -11663,6 +11562,41 @@ pub struct ComponentDefinitionVarsValueFrom { pub service_var_ref: Option, } +/// Selects a defined var of a Cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentDefinitionVarsValueFromClusterVarRef { + /// Reference to the name of the Cluster object. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterName")] + pub cluster_name: Option, + /// Reference to the UID of the Cluster object. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterUID")] + pub cluster_uid: Option, + /// Reference to the namespace of the Cluster object. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Selects a defined var of a Cluster. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromClusterVarRefClusterName { + Required, + Optional, +} + +/// Selects a defined var of a Cluster. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromClusterVarRefClusterUid { + Required, + Optional, +} + +/// Selects a defined var of a Cluster. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromClusterVarRefNamespace { + Required, + Optional, +} + /// Selects a defined var of a Component. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionVarsValueFromComponentVarRef { @@ -11673,10 +11607,6 @@ pub struct ComponentDefinitionVarsValueFromComponentVarRef { /// Reference to the name of the Component object. #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentName")] pub component_name: Option, - /// Reference to the instanceName list of the component. - /// and the value will be presented in the following format: instanceName1,instanceName2,... - #[serde(default, skip_serializing_if = "Option::is_none", rename = "instanceNames")] - pub instance_names: Option, /// This option defines the behavior when multiple component objects match the specified @CompDef. /// If not provided, an error will be raised when handling multiple matches. #[serde(default, skip_serializing_if = "Option::is_none", rename = "multipleClusterObjectOption")] @@ -11691,6 +11621,18 @@ pub struct ComponentDefinitionVarsValueFromComponentVarRef { /// The value will be presented in the following format: FQDN1,FQDN2,... #[serde(default, skip_serializing_if = "Option::is_none", rename = "podFQDNs")] pub pod_fqd_ns: Option, + /// Reference to the pod FQDN list of the component that have a specific role. + /// The value will be presented in the following format: FQDN1,FQDN2,... + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podFQDNsForRole")] + pub pod_fqd_ns_for_role: Option, + /// Reference to the pod name list of the component. + /// and the value will be presented in the following format: name1,name2,... + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podNames")] + pub pod_names: Option, + /// Reference to the pod name list of the component that have a specific role. + /// The value will be presented in the following format: name1,name2,... + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podNamesForRole")] + pub pod_names_for_role: Option, /// Reference to the replicas of the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, @@ -11703,13 +11645,6 @@ pub enum ComponentDefinitionVarsValueFromComponentVarRefComponentName { Optional, } -/// Selects a defined var of a Component. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ComponentDefinitionVarsValueFromComponentVarRefInstanceNames { - Required, - Optional, -} - /// This option defines the behavior when multiple component objects match the specified @CompDef. /// If not provided, an error will be raised when handling multiple matches. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] @@ -11767,6 +11702,51 @@ pub enum ComponentDefinitionVarsValueFromComponentVarRefPodFqdNs { Optional, } +/// Reference to the pod FQDN list of the component that have a specific role. +/// The value will be presented in the following format: FQDN1,FQDN2,... +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentDefinitionVarsValueFromComponentVarRefPodFqdNsForRole { + /// VarOption defines whether a variable is required or optional. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub option: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, +} + +/// Reference to the pod FQDN list of the component that have a specific role. +/// The value will be presented in the following format: FQDN1,FQDN2,... +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromComponentVarRefPodFqdNsForRoleOption { + Required, + Optional, +} + +/// Selects a defined var of a Component. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromComponentVarRefPodNames { + Required, + Optional, +} + +/// Reference to the pod name list of the component that have a specific role. +/// The value will be presented in the following format: name1,name2,... +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentDefinitionVarsValueFromComponentVarRefPodNamesForRole { + /// VarOption defines whether a variable is required or optional. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub option: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, +} + +/// Reference to the pod name list of the component that have a specific role. +/// The value will be presented in the following format: name1,name2,... +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromComponentVarRefPodNamesForRoleOption { + Required, + Optional, +} + /// Selects a defined var of a Component. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ComponentDefinitionVarsValueFromComponentVarRefReplicas { @@ -12144,6 +12124,9 @@ pub struct ComponentDefinitionVarsValueFromServiceVarRef { /// and the value will be presented in the following format: service1.name:port1,service2.name:port2... #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, + /// ServiceType references the type of the service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] + pub service_type: Option, } /// Selects a defined var of a Service. @@ -12235,6 +12218,13 @@ pub enum ComponentDefinitionVarsValueFromServiceVarRefPortOption { Optional, } +/// Selects a defined var of a Service. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromServiceVarRefServiceType { + Required, + Optional, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionVolumes { /// Sets the critical threshold for volume space utilization as a percentage (0-100). diff --git a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs index b7f566bb1..37972ecc6 100644 --- a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs +++ b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs @@ -85,16 +85,20 @@ pub struct ApplicationOperationSync { /// Resources describes which resources shall be part of the sync #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. + /// Revision is the revision (Git) or chart version (Helm) which to sync the application to + /// If omitted, will use the revision specified in app spec. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, - /// Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to If omitted, will use the revision specified in app spec. + /// Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + /// If omitted, will use the revision specified in app spec. #[serde(default, skip_serializing_if = "Option::is_none")] pub revisions: Option>, - /// Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation + /// Source overrides the source definition set in the application. + /// This is typically set in a Rollback operation and is nil during a Sync operation #[serde(default, skip_serializing_if = "Option::is_none")] pub source: Option, - /// Sources overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation + /// Sources overrides the source definition set in the application. + /// This is typically set in a Rollback operation and is nil during a Sync operation #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, /// SyncOptions provide per-sync sync-options, e.g. Validate=false @@ -116,7 +120,8 @@ pub struct ApplicationOperationSyncResources { pub namespace: Option, } -/// Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation +/// Source overrides the source definition set in the application. +/// This is typically set in a Rollback operation and is nil during a Sync operation #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSource { /// Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. @@ -143,7 +148,9 @@ pub struct ApplicationOperationSyncSource { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -406,7 +413,9 @@ pub struct ApplicationOperationSyncSources { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -656,7 +665,9 @@ pub struct ApplicationOperationSyncSyncStrategy { /// Apply will perform a `kubectl apply` to perform the sync. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSyncStrategyApply { - /// Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + /// Force indicates whether or not to supply the --force flag to `kubectl apply`. + /// The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + /// retried for 5 times. #[serde(default, skip_serializing_if = "Option::is_none")] pub force: Option, } @@ -664,7 +675,9 @@ pub struct ApplicationOperationSyncSyncStrategyApply { /// Hook will submit any referenced resources to perform the sync. This is the default strategy #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSyncStrategyHook { - /// Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + /// Force indicates whether or not to supply the --force flag to `kubectl apply`. + /// The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + /// retried for 5 times. #[serde(default, skip_serializing_if = "Option::is_none")] pub force: Option, } @@ -685,9 +698,14 @@ pub struct ApplicationSpec { /// Info contains a list of information (URLs, email addresses, and plain text) that relates to the application #[serde(default, skip_serializing_if = "Option::is_none")] pub info: Option>, - /// Project is a reference to the project this application belongs to. The empty string means that application belongs to the 'default' project. + /// Project is a reference to the project this application belongs to. + /// The empty string means that application belongs to the 'default' project. pub project: String, - /// RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. + /// RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + /// This should only be changed in exceptional circumstances. + /// Setting to zero will store no history. This will reduce storage used. + /// Increasing will increase the space used to store the history, so we do not recommend increasing it. + /// Default is 10. #[serde(default, skip_serializing_if = "Option::is_none", rename = "revisionHistoryLimit")] pub revision_history_limit: Option, /// Source is a reference to the location of the application's manifests or chart @@ -707,7 +725,8 @@ pub struct ApplicationDestination { /// Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + /// Namespace specifies the target namespace for the application's resources. + /// The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. @@ -725,7 +744,8 @@ pub struct ApplicationIgnoreDifferences { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonPointers")] pub json_pointers: Option>, pub kind: String, - /// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the desired state defined in the SCM and won't be displayed in diffs + /// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + /// desired state defined in the SCM and won't be displayed in diffs #[serde(default, skip_serializing_if = "Option::is_none", rename = "managedFieldsManagers")] pub managed_fields_managers: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -767,7 +787,9 @@ pub struct ApplicationSource { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -1030,7 +1052,9 @@ pub struct ApplicationSources { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -1346,7 +1370,8 @@ pub struct ApplicationStatus { /// History contains information about the application's sync history #[serde(default, skip_serializing_if = "Option::is_none")] pub history: Option>, - /// ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field + /// ObservedAt indicates when the application state was updated without querying latest git state + /// Deprecated: controller no longer updates ObservedAt field #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedAt")] pub observed_at: Option, /// OperationState contains information about any ongoing operations, such as a sync @@ -1465,7 +1490,9 @@ pub struct ApplicationStatusHistorySource { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -1728,7 +1755,9 @@ pub struct ApplicationStatusHistorySources { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -2062,16 +2091,20 @@ pub struct ApplicationStatusOperationStateOperationSync { /// Resources describes which resources shall be part of the sync #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. + /// Revision is the revision (Git) or chart version (Helm) which to sync the application to + /// If omitted, will use the revision specified in app spec. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, - /// Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to If omitted, will use the revision specified in app spec. + /// Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + /// If omitted, will use the revision specified in app spec. #[serde(default, skip_serializing_if = "Option::is_none")] pub revisions: Option>, - /// Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation + /// Source overrides the source definition set in the application. + /// This is typically set in a Rollback operation and is nil during a Sync operation #[serde(default, skip_serializing_if = "Option::is_none")] pub source: Option, - /// Sources overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation + /// Sources overrides the source definition set in the application. + /// This is typically set in a Rollback operation and is nil during a Sync operation #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, /// SyncOptions provide per-sync sync-options, e.g. Validate=false @@ -2093,7 +2126,8 @@ pub struct ApplicationStatusOperationStateOperationSyncResources { pub namespace: Option, } -/// Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation +/// Source overrides the source definition set in the application. +/// This is typically set in a Rollback operation and is nil during a Sync operation #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSource { /// Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. @@ -2120,7 +2154,9 @@ pub struct ApplicationStatusOperationStateOperationSyncSource { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -2383,7 +2419,9 @@ pub struct ApplicationStatusOperationStateOperationSyncSources { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -2633,7 +2671,9 @@ pub struct ApplicationStatusOperationStateOperationSyncSyncStrategy { /// Apply will perform a `kubectl apply` to perform the sync. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSyncStrategyApply { - /// Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + /// Force indicates whether or not to supply the --force flag to `kubectl apply`. + /// The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + /// retried for 5 times. #[serde(default, skip_serializing_if = "Option::is_none")] pub force: Option, } @@ -2641,7 +2681,9 @@ pub struct ApplicationStatusOperationStateOperationSyncSyncStrategyApply { /// Hook will submit any referenced resources to perform the sync. This is the default strategy #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSyncStrategyHook { - /// Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + /// Force indicates whether or not to supply the --force flag to `kubectl apply`. + /// The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + /// retried for 5 times. #[serde(default, skip_serializing_if = "Option::is_none")] pub force: Option, } @@ -2682,7 +2724,8 @@ pub struct ApplicationStatusOperationStateSyncResultManagedNamespaceMetadata { pub struct ApplicationStatusOperationStateSyncResultResources { /// Group specifies the API group of the resource pub group: String, - /// HookPhase contains the state of any operation associated with this resource OR hook This can also contain values for non-hook resources. + /// HookPhase contains the state of any operation associated with this resource OR hook + /// This can also contain values for non-hook resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hookPhase")] pub hook_phase: Option, /// HookType specifies the type of the hook. Empty for non-hook resources @@ -2734,7 +2777,9 @@ pub struct ApplicationStatusOperationStateSyncResultSource { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -2997,7 +3042,9 @@ pub struct ApplicationStatusOperationStateSyncResultSources { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -3233,7 +3280,8 @@ pub struct ApplicationStatusOperationStateSyncResultSourcesPluginParameters { pub string: Option, } -/// ResourceStatus holds the current sync and health status of a resource TODO: describe members of this type +/// ResourceStatus holds the current sync and health status of a resource +/// TODO: describe members of this type #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusResources { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3320,7 +3368,8 @@ pub struct ApplicationStatusSyncComparedToDestination { /// Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + /// Namespace specifies the target namespace for the application's resources. + /// The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. @@ -3338,7 +3387,8 @@ pub struct ApplicationStatusSyncComparedToIgnoreDifferences { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonPointers")] pub json_pointers: Option>, pub kind: String, - /// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the desired state defined in the SCM and won't be displayed in diffs + /// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + /// desired state defined in the SCM and won't be displayed in diffs #[serde(default, skip_serializing_if = "Option::is_none", rename = "managedFieldsManagers")] pub managed_fields_managers: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3374,7 +3424,9 @@ pub struct ApplicationStatusSyncComparedToSource { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } @@ -3637,7 +3689,9 @@ pub struct ApplicationStatusSyncComparedToSources { /// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests #[serde(rename = "repoURL")] pub repo_url: String, - /// TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + /// TargetRevision defines the revision of the source to sync the application to. + /// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + /// In case of Helm, this is a semver tag for the Chart's version. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, } diff --git a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs index 604771fde..a39018fc0 100644 --- a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs +++ b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs @@ -59,14 +59,16 @@ pub struct AppProjectSpec { pub sync_windows: Option>, } -/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types +/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying +/// concepts during lookup stages without having partially valid types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppProjectClusterResourceBlacklist { pub group: String, pub kind: String, } -/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types +/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying +/// concepts during lookup stages without having partially valid types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppProjectClusterResourceWhitelist { pub group: String, @@ -79,7 +81,8 @@ pub struct AppProjectDestinations { /// Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + /// Namespace specifies the target namespace for the application's resources. + /// The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. @@ -87,14 +90,16 @@ pub struct AppProjectDestinations { pub server: Option, } -/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types +/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying +/// concepts during lookup stages without having partially valid types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppProjectNamespaceResourceBlacklist { pub group: String, pub kind: String, } -/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types +/// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying +/// concepts during lookup stages without having partially valid types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppProjectNamespaceResourceWhitelist { pub group: String, diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephcosidrivers.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephcosidrivers.rs index 101a815eb..dd816ddc5 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephcosidrivers.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephcosidrivers.rs @@ -403,11 +403,9 @@ pub struct CephCOSIDriverResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -430,5 +428,10 @@ pub struct CephCOSIDriverResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystemmirrors.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystemmirrors.rs index ecd4ced5f..8fbffd9ee 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystemmirrors.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystemmirrors.rs @@ -397,11 +397,9 @@ pub struct CephFilesystemMirrorResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -424,6 +422,11 @@ pub struct CephFilesystemMirrorResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Status represents the status of an object diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs index 6ac2a335c..311f37eae 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs @@ -522,7 +522,6 @@ pub struct CephFilesystemMetadataServerLivenessProbeProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -933,11 +932,9 @@ pub struct CephFilesystemMetadataServerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -960,6 +957,11 @@ pub struct CephFilesystemMetadataServerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon @@ -1035,7 +1037,6 @@ pub struct CephFilesystemMetadataServerStartupProbeProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs index 93f7c8df9..758f0ccad 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs @@ -63,13 +63,11 @@ pub struct CephNFSSecurityKerberos { /// ConfigFiles defines where the Kerberos configuration should be sourced from. Config files /// will be placed into the `/etc/krb5.conf.rook/` directory. /// - /// /// If this is left empty, Rook will not add any files. This allows you to manage the files /// yourself however you wish. For example, you may build them into your custom Ceph container /// image or use the Vault agent injector to securely add the files via annotations on the /// CephNFS spec (passed to the NFS server pods). /// - /// /// Rook configures Kerberos to log to stderr. We suggest removing logging sections from config /// files to avoid consuming unnecessary disk space from logging to files. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configFiles")] @@ -97,13 +95,11 @@ pub struct CephNFSSecurityKerberos { /// ConfigFiles defines where the Kerberos configuration should be sourced from. Config files /// will be placed into the `/etc/krb5.conf.rook/` directory. /// -/// /// If this is left empty, Rook will not add any files. This allows you to manage the files /// yourself however you wish. For example, you may build them into your custom Ceph container /// image or use the Vault agent injector to securely add the files via annotations on the /// CephNFS spec (passed to the NFS server pods). /// -/// /// Rook configures Kerberos to log to stderr. We suggest removing logging sections from config /// files to avoid consuming unnecessary disk space from logging to files. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -804,11 +800,9 @@ pub struct CephNFSSecuritySssdSidecarResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -831,6 +825,11 @@ pub struct CephNFSSecuritySssdSidecarResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SSSDConfigFile defines where the SSSD configuration should be sourced from. The config file @@ -1158,7 +1157,6 @@ pub struct CephNFSServerLivenessProbeProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1569,11 +1567,9 @@ pub struct CephNFSServerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1596,6 +1592,11 @@ pub struct CephNFSServerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Status represents the status of an object diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs index 97766d8e8..d95e88d5b 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs @@ -708,11 +708,9 @@ pub struct CephObjectStoreGatewayResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -735,6 +733,11 @@ pub struct CephObjectStoreGatewayResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The configuration related to add/set on each rgw service. @@ -831,7 +834,6 @@ pub struct CephObjectStoreHealthCheckReadinessProbeProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -955,7 +957,6 @@ pub struct CephObjectStoreHealthCheckStartupProbeProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs index 5653f7b45..89a5c1631 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs @@ -27,7 +27,6 @@ pub struct CephObjectZoneSpec { /// CephObjectStore associated with this CephObjectStoreZone reachable to peer clusters. /// The list can have one or more endpoints pointing to different RGW servers in the zone. /// - /// /// If a CephObjectStore endpoint is omitted from this list, that object store's gateways will /// not receive multisite replication data /// (see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic). diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephrbdmirrors.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephrbdmirrors.rs index 27a985fc6..c3e371445 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephrbdmirrors.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephrbdmirrors.rs @@ -410,11 +410,9 @@ pub struct CephRBDMirrorResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -437,6 +435,11 @@ pub struct CephRBDMirrorResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Status represents the status of an object diff --git a/kube-custom-resources-rs/src/cert_manager_io/v1/certificaterequests.rs b/kube-custom-resources-rs/src/cert_manager_io/v1/certificaterequests.rs index 10a7e3b9c..457bf0565 100644 --- a/kube-custom-resources-rs/src/cert_manager_io/v1/certificaterequests.rs +++ b/kube-custom-resources-rs/src/cert_manager_io/v1/certificaterequests.rs @@ -37,11 +37,9 @@ pub struct CertificateRequestSpec { /// Requested basic constraints isCA value. Note that the issuer may choose /// to ignore the requested isCA value, just like any other requested attribute. /// - /// /// NOTE: If the CSR in the `Request` field has a BasicConstraints extension, /// it must have the same isCA value as specified here. /// - /// /// If true, this will automatically add the `cert sign` usage to the list /// of requested `usages`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "isCA")] @@ -51,14 +49,12 @@ pub struct CertificateRequestSpec { /// as the Certificate. If the issuer is cluster-scoped, it can be used /// from any namespace. /// - /// /// The `name` field of the reference must always be specified. #[serde(rename = "issuerRef")] pub issuer_ref: CertificateRequestIssuerRef, /// The PEM-encoded X.509 certificate signing request to be submitted to the /// issuer for signing. /// - /// /// If the CSR has a BasicConstraints extension, its isCA attribute must /// match the `isCA` value of this CertificateRequest. /// If the CSR has a KeyUsage extension, its key usages must match the @@ -73,12 +69,10 @@ pub struct CertificateRequestSpec { pub uid: Option, /// Requested key usages and extended key usages. /// - /// /// NOTE: If the CSR in the `Request` field has uses the KeyUsage or /// ExtKeyUsage extension, these extensions must have the same values /// as specified here without any additional values. /// - /// /// If unset, defaults to `digital signature` and `key encipherment`. #[serde(default, skip_serializing_if = "Option::is_none")] pub usages: Option>, @@ -93,7 +87,6 @@ pub struct CertificateRequestSpec { /// as the Certificate. If the issuer is cluster-scoped, it can be used /// from any namespace. /// -/// /// The `name` field of the reference must always be specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CertificateRequestIssuerRef { diff --git a/kube-custom-resources-rs/src/cert_manager_io/v1/certificates.rs b/kube-custom-resources-rs/src/cert_manager_io/v1/certificates.rs index 3498c8091..cfc497d1e 100644 --- a/kube-custom-resources-rs/src/cert_manager_io/v1/certificates.rs +++ b/kube-custom-resources-rs/src/cert_manager_io/v1/certificates.rs @@ -24,7 +24,6 @@ pub struct CertificateSpec { /// Defines extra output formats of the private key and signed certificate chain /// to be written to this Certificate's target Secret. /// - /// /// This is a Beta Feature enabled by default. It can be disabled with the /// `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both /// the controller and webhook components. @@ -35,7 +34,6 @@ pub struct CertificateSpec { /// NOTE: TLS clients will ignore this value when any subject alternative name is /// set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). /// - /// /// Should have a length of 64 characters or fewer to avoid generating invalid CSRs. /// Cannot be set if the `literalSubject` field is set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonName")] @@ -47,7 +45,6 @@ pub struct CertificateSpec { /// issuer may choose to ignore the requested duration, just like any other /// requested attribute. /// - /// /// If unset, this defaults to 90 days. /// Minimum accepted duration is 1 hour. /// Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. @@ -58,7 +55,6 @@ pub struct CertificateSpec { pub email_addresses: Option>, /// Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. /// - /// /// This option defaults to true, and should only be disabled if the target /// issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. #[serde(default, skip_serializing_if = "Option::is_none", rename = "encodeUsagesInRequest")] @@ -71,7 +67,6 @@ pub struct CertificateSpec { /// resources. Note that the issuer may choose to ignore the requested isCA value, just /// like any other requested attribute. /// - /// /// If true, this will automatically add the `cert sign` usage to the list /// of requested `usages`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "isCA")] @@ -81,7 +76,6 @@ pub struct CertificateSpec { /// as the Certificate. If the issuer is cluster-scoped, it can be used /// from any namespace. /// - /// /// The `name` field of the reference must always be specified. #[serde(rename = "issuerRef")] pub issuer_ref: CertificateIssuerRef, @@ -97,14 +91,12 @@ pub struct CertificateSpec { /// More info: https://github.com/cert-manager/cert-manager/issues/3203 /// More info: https://github.com/cert-manager/cert-manager/issues/4424 /// - /// /// Cannot be set if the `subject` or `commonName` field is set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "literalSubject")] pub literal_subject: Option, /// x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. /// More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 /// - /// /// This is an Alpha Feature and is only enabled with the /// `--feature-gates=NameConstraints=true` option set on both /// the controller and webhook components. @@ -126,12 +118,10 @@ pub struct CertificateSpec { /// 50 minutes after it was issued (i.e. when there are 10 minutes remaining until /// the certificate is no longer valid). /// - /// /// NOTE: The actual lifetime of the issued certificate is used to determine the /// renewal time. If an issuer returns a certificate with a different lifetime than /// the one requested, cert-manager will use the lifetime of the issued certificate. /// - /// /// If unset, this defaults to 1/3 of the issued certificate's lifetime. /// Minimum accepted value is 5 minutes. /// Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. @@ -144,12 +134,10 @@ pub struct CertificateSpec { /// renew the certificate 45 minutes after it was issued (i.e. when there are 15 /// minutes (25%) remaining until the certificate is no longer valid). /// - /// /// NOTE: The actual lifetime of the issued certificate is used to determine the /// renewal time. If an issuer returns a certificate with a different lifetime than /// the one requested, cert-manager will use the lifetime of the issued certificate. /// - /// /// Value must be an integer in the range (0,100). The minimum effective /// `renewBefore` derived from the `renewBeforePercentage` and `duration` fields is 5 /// minutes. @@ -162,7 +150,6 @@ pub struct CertificateSpec { /// was changed. Revisions will be removed by oldest first if the number of /// revisions exceeds this number. /// - /// /// If set, revisionHistoryLimit must be a value of `1` or greater. /// If unset (`nil`), revisions will not be garbage collected. /// Default value is `nil`. @@ -184,7 +171,6 @@ pub struct CertificateSpec { /// Requested set of X509 certificate subject attributes. /// More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 /// - /// /// The common name attribute is specified separately in the `commonName` field. /// Cannot be set if the `literalSubject` field is set. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -197,7 +183,6 @@ pub struct CertificateSpec { /// resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages /// will additionally be encoded in the `request` field which contains the CSR blob. /// - /// /// If unset, defaults to `digital signature` and `key encipherment`. #[serde(default, skip_serializing_if = "Option::is_none")] pub usages: Option>, @@ -230,7 +215,6 @@ pub enum CertificateAdditionalOutputFormatsType { /// as the Certificate. If the issuer is cluster-scoped, it can be used /// from any namespace. /// -/// /// The `name` field of the reference must always be specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CertificateIssuerRef { @@ -316,7 +300,6 @@ pub struct CertificateKeystoresPkcs12 { /// Profile specifies the key and certificate encryption algorithms and the HMAC algorithm /// used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. /// - /// /// If provided, allowed values are: /// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. /// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. @@ -355,7 +338,6 @@ pub enum CertificateKeystoresPkcs12Profile { /// x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. /// More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 /// -/// /// This is an Alpha Feature and is only enabled with the /// `--feature-gates=NameConstraints=true` option set on both /// the controller and webhook components. @@ -432,7 +414,6 @@ pub struct CertificatePrivateKey { /// Algorithm is the private key algorithm of the corresponding private key /// for this certificate. /// - /// /// If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. /// If `algorithm` is specified and `size` is not provided, /// key size of 2048 will be used for `RSA` key algorithm and @@ -443,7 +424,6 @@ pub struct CertificatePrivateKey { /// The private key cryptography standards (PKCS) encoding for this /// certificate's private key to be encoded in. /// - /// /// If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 /// and PKCS#8, respectively. /// Defaults to `PKCS1` if not specified. @@ -452,7 +432,6 @@ pub struct CertificatePrivateKey { /// RotationPolicy controls how private keys should be regenerated when a /// re-issuance is being processed. /// - /// /// If set to `Never`, a private key will only be generated if one does not /// already exist in the target `spec.secretName`. If one does exists but it /// does not have the correct algorithm or size, a warning will be raised @@ -464,7 +443,6 @@ pub struct CertificatePrivateKey { pub rotation_policy: Option, /// Size is the key bit size of the corresponding private key for this certificate. /// - /// /// If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, /// and will default to `2048` if not specified. /// If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, @@ -522,7 +500,6 @@ pub struct CertificateSecretTemplate { /// Requested set of X509 certificate subject attributes. /// More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 /// -/// /// The common name attribute is specified separately in the `commonName` field. /// Cannot be set if the `literalSubject` field is set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -600,16 +577,13 @@ pub struct CertificateStatus { pub renewal_time: Option, /// The current 'revision' of the certificate as issued. /// - /// /// When a CertificateRequest resource is created, it will have the /// `cert-manager.io/certificate-revision` set to one greater than the /// current value of this field. /// - /// /// Upon issuance, this field will be set to the value of the annotation /// on the CertificateRequest resource used to issue the certificate. /// - /// /// Persisting the value on the CertificateRequest resource allows the /// certificates controller to know whether a request is part of an old /// issuance or if it is part of the ongoing revision's issuance by diff --git a/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs b/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs index 1dd9dd77e..22b0d9df6 100644 --- a/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs +++ b/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs @@ -751,15 +751,12 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoute { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -769,45 +766,37 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: /// Gateway has the AllowedRoutes field, and ReferenceGrant provides a /// generic way to enable any other kind of cross-namespace reference. /// - /// /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -815,14 +804,12 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -831,19 +818,16 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// and SectionName are specified, the name and port of the selected listener /// must match both specified values. /// - /// /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -852,14 +836,12 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -867,12 +849,10 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -882,7 +862,6 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "sectionName")] pub section_name: Option, @@ -1155,7 +1134,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1166,7 +1145,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1276,7 +1255,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1287,7 +1266,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1428,7 +1407,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1439,7 +1418,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1549,7 +1528,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1560,7 +1539,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinity /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1658,9 +1637,7 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecImagePul /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1672,12 +1649,10 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecSecurity /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -1778,7 +1753,6 @@ pub struct ClusterIssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecSecurity /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2158,7 +2132,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2169,7 +2143,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2279,7 +2253,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2290,7 +2264,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffini /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2431,7 +2405,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2442,7 +2416,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2552,7 +2526,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2563,7 +2537,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAf /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2661,9 +2635,7 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2675,12 +2647,10 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -2781,7 +2751,6 @@ pub struct ClusterIssuerAcmeSolversHttp01IngressPodTemplateSpecSecurityContextSe /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. diff --git a/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs b/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs index 58d21cc23..85e1ae191 100644 --- a/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs +++ b/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs @@ -752,15 +752,12 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoute { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -770,45 +767,37 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: /// Gateway has the AllowedRoutes field, and ReferenceGrant provides a /// generic way to enable any other kind of cross-namespace reference. /// - /// /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -816,14 +805,12 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -832,19 +819,16 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// and SectionName are specified, the name and port of the selected listener /// must match both specified values. /// - /// /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -853,14 +837,12 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -868,12 +850,10 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -883,7 +863,6 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "sectionName")] pub section_name: Option, @@ -1156,7 +1135,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1167,7 +1146,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1277,7 +1256,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1288,7 +1267,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAffi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1429,7 +1408,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAnti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1440,7 +1419,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAnti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1550,7 +1529,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAnti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1561,7 +1540,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecAffinityPodAnti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1659,9 +1638,7 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecImagePullSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1673,12 +1650,10 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecSecurityContext /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -1779,7 +1754,6 @@ pub struct IssuerAcmeSolversHttp01GatewayHttpRoutePodTemplateSpecSecurityContext /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2159,7 +2133,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPrefe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2170,7 +2144,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPrefe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2280,7 +2254,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2291,7 +2265,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2432,7 +2406,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityP /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2443,7 +2417,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityP /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2553,7 +2527,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityR /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2564,7 +2538,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityR /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2662,9 +2636,7 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2676,12 +2648,10 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -2782,7 +2752,6 @@ pub struct IssuerAcmeSolversHttp01IngressPodTemplateSpecSecurityContextSeccompPr /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseautoscalers.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseautoscalers.rs index c6a7d1e59..e0a163a17 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseautoscalers.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseautoscalers.rs @@ -24,10 +24,12 @@ pub struct CouchbaseAutoscalerSpec { pub size: i64, } -/// CouchbaseAutoscalerStatus provides information to the HPA to assist with scaling server groups. +/// CouchbaseAutoscalerStatus provides information to the HPA to assist with scaling +/// server groups. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseAutoscalerStatus { - /// LabelSelector allows the HPA to select resources to monitor for resource utilization in order to trigger scaling. + /// LabelSelector allows the HPA to select resources to monitor for resource + /// utilization in order to trigger scaling. #[serde(rename = "labelSelector")] pub label_selector: String, /// Size is the current size of the server group. diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackuprestores.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackuprestores.rs index 6429f4b28..769e44a25 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackuprestores.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackuprestores.rs @@ -10,7 +10,9 @@ mod prelude { } use self::prelude::*; -/// CouchbaseBackupRestoreSpec allows the specification of data restoration to be configured. This includes the backup and repository to restore data from, and the time range of data to be restored. +/// CouchbaseBackupRestoreSpec allows the specification of data restoration to be +/// configured. This includes the backup and repository to restore data from, and +/// the time range of data to be restored. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "couchbase.com", version = "v2", kind = "CouchbaseBackupRestore", plural = "couchbasebackuprestores")] #[kube(namespaced)] @@ -21,39 +23,67 @@ pub struct CouchbaseBackupRestoreSpec { /// Number of times the restore job should try to execute. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backoffLimit")] pub backoff_limit: Option, - /// The backup resource name associated with this restore, or the backup PVC name to restore from. - pub backup: String, - /// DEPRECATED - by spec.data. Specific buckets can be explicitly included or excluded in the restore, as well as bucket mappings. This field is now ignored. + /// The backup resource name associated with this restore, or the backup PVC + /// name to restore from. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub backup: Option, + /// DEPRECATED - by spec.data. + /// Specific buckets can be explicitly included or excluded in the restore, + /// as well as bucket mappings. This field is now ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub buckets: Option>, - /// Data allows control over what key-value/document data is included in the restore. By default, all data is included. + /// Data allows control over what key-value/document data is included in the + /// restore. By default, all data is included. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, - /// End denotes the last backup to restore from. Omitting this field will only restore the backup referenced by start. This may be specified as an integer index (starting from 1), a string specifying a short date DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. + /// End denotes the last backup to restore from. Omitting this field will only + /// restore the backup referenced by start. This may be specified as + /// an integer index (starting from 1), a string specifying a short date + /// DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. #[serde(default, skip_serializing_if = "Option::is_none")] pub end: Option, - /// Forces data in the Couchbase cluster to be overwritten even if the data in the cluster is newer than the restore + /// Forces data in the Couchbase cluster to be overwritten even if the data in the cluster is newer. + /// By default, the system does not force updates, + /// and all updates use Couchbase's conflict resolution mechanism to ensure + /// that if newer data exists on the cluster, + /// older restored data does not overwrite it. + /// However, if `couchbasebackuprestores.spec.forceUpdates` is true, + /// then the backup record will _always_ overwrite the cluster record, + /// regardless of Couchbase's conflict resolution. #[serde(default, skip_serializing_if = "Option::is_none", rename = "forceUpdates")] pub force_updates: Option, - /// Number of hours to hold restore script logs for, everything older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration + /// Number of hours to hold restore script logs for, everything older will be deleted. + /// More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "logRetention")] pub log_retention: Option, /// The remote destination for backup. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStore")] pub object_store: Option, - /// Repo is the backup folder to restore from. If no repository is specified, the backup container will choose the latest. + /// Overwrites the already existing users in the cluster when user restoration is enabled (spec.services.users). + /// The default behavior of backup/restore of users is to skip already existing users. + /// This is only available for Couchbase Server 7.6 and later. + /// This field defaults to `false`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "overwriteUsers")] + pub overwrite_users: Option, + /// Repo is the backup folder to restore from. If no repository is specified, + /// the backup container will choose the latest. #[serde(default, skip_serializing_if = "Option::is_none")] pub repo: Option, - /// DEPRECATED - by spec.objectStore.uri Name of S3 bucket to restore from. If non-empty this overrides local backup. + /// DEPRECATED - by spec.objectStore.uri + /// Name of S3 bucket to restore from. If non-empty this overrides local backup. #[serde(default, skip_serializing_if = "Option::is_none")] pub s3bucket: Option, /// This list accepts a certain set of parameters that will disable that data and prevent it being restored. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option, - /// StagingVolume contains configuration related to the ephemeral volume used as staging when restoring from a cloud backup. + /// StagingVolume contains configuration related to the + /// ephemeral volume used as staging when restoring from a cloud backup. #[serde(default, skip_serializing_if = "Option::is_none", rename = "stagingVolume")] pub staging_volume: Option, - /// Start denotes the first backup to restore from. This may be specified as an integer index (starting from 1), a string specifying a short date DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. + /// Start denotes the first backup to restore from. This may be specified as + /// an integer index (starting from 1), a string specifying a short date + /// DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. #[serde(default, skip_serializing_if = "Option::is_none")] pub start: Option, /// How many threads to use during the restore. @@ -64,10 +94,18 @@ pub struct CouchbaseBackupRestoreSpec { pub ttl_seconds_after_finished: Option, } -/// Data allows control over what key-value/document data is included in the restore. By default, all data is included. +/// Data allows control over what key-value/document data is included in the +/// restore. By default, all data is included. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreData { - /// Exclude defines the buckets, scopes or collections that are excluded from the backup. When this field is set, it implies that by default everything will be backed up, and data items can be explicitly excluded. You may define an exclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Excluded data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as included items. + /// Exclude defines the buckets, scopes or collections that are excluded from the backup. + /// When this field is set, it implies that by default everything will be backed up, + /// and data items can be explicitly excluded. You may define an exclusion as a bucket + /// -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + /// Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + /// period is the separator used to delimit scopes and collections. Excluded data cannot overlap + /// e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + /// be used at the same time as included items. #[serde(default, skip_serializing_if = "Option::is_none")] pub exclude: Option>, /// FilterKeys only restores documents whose names match the provided regular expression. @@ -76,10 +114,21 @@ pub struct CouchbaseBackupRestoreData { /// FilterValues only restores documents whose values match the provided regular expression. #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterValues")] pub filter_values: Option, - /// Include defines the buckets, scopes or collections that are included in the restore. When this field is set, it implies that by default nothing will be restored, and data items must be explicitly included. You may define an inclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Included data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as excluded items. + /// Include defines the buckets, scopes or collections that are included in the restore. + /// When this field is set, it implies that by default nothing will be restored, + /// and data items must be explicitly included. You may define an inclusion as a bucket + /// -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + /// Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + /// period is the separator used to delimit scopes and collections. Included data cannot overlap + /// e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + /// be used at the same time as excluded items. #[serde(default, skip_serializing_if = "Option::is_none")] pub include: Option>, - /// Map allows data items in the restore to be remapped to a different named container. Buckets can be remapped to other buckets e.g. "source=target", scopes and collections can be remapped to other scopes and collections within the same bucket only e.g. "bucket.scope=bucket.other" or "bucket.scope.collection=bucket.scope.other". Map sources may only be specified once, and may not overlap. + /// Map allows data items in the restore to be remapped to a different named container. + /// Buckets can be remapped to other buckets e.g. "source=target", scopes and collections + /// can be remapped to other scopes and collections within the same bucket only e.g. + /// "bucket.scope=bucket.other" or "bucket.scope.collection=bucket.scope.other". Map + /// sources may only be specified once, and may not overlap. #[serde(default, skip_serializing_if = "Option::is_none")] pub map: Option>, } @@ -87,13 +136,19 @@ pub struct CouchbaseBackupRestoreData { /// RestoreMapping allows data to be migrated on restore. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreDataMap { - /// Source defines the data source of the mapping, this may be either a bucket, scope or collection. + /// Source defines the data source of the mapping, this may be either + /// a bucket, scope or collection. pub source: String, - /// Target defines the data target of the mapping, this may be either a bucket, scope or collection, and must refer to the same type as the restore source. + /// Target defines the data target of the mapping, this may be either + /// a bucket, scope or collection, and must refer to the same type + /// as the restore source. pub target: String, } -/// End denotes the last backup to restore from. Omitting this field will only restore the backup referenced by start. This may be specified as an integer index (starting from 1), a string specifying a short date DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. +/// End denotes the last backup to restore from. Omitting this field will only +/// restore the backup referenced by start. This may be specified as +/// an integer index (starting from 1), a string specifying a short date +/// DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreEnd { /// Int references a relative backup by index. @@ -107,30 +162,42 @@ pub struct CouchbaseBackupRestoreEnd { /// The remote destination for backup. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreObjectStore { - /// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. If set will override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + /// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. + /// If set will override `CouchbaseCluster.spec.backup.objectEndpoint` + /// See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + /// ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. + /// These correspond to the fields used by cbbackupmgr + /// https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// URI is a reference to a remote object store. This is the prefix of the object store and the bucket name. i.e s3://bucket, az://bucket or gs://bucket. + /// URI is a reference to a remote object store. + /// This is the prefix of the object store and the bucket name. + /// i.e s3://bucket, az://bucket or gs://bucket. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, - /// Whether to allow the backup SDK to attempt to authenticate using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`. + /// Whether to allow the backup SDK to attempt to authenticate + /// using the instance metadata api. + /// If set, will override `CouchbaseCluster.spec.backup.useIAM`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useIAM")] pub use_iam: Option, } -/// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. If set will override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores +/// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. +/// If set will override `CouchbaseCluster.spec.backup.objectEndpoint` +/// See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreObjectStoreEndpoint { - /// The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" + /// The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint + /// The secret must have the key with the name "tls.crt" #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, /// The host/address of the custom object endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, - /// UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores. + /// UseVirtualPath will force the AWS SDK to use the new virtual style paths + /// which are often required by S3 compatible object stores. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useVirtualPath")] pub use_virtual_path: Option, } @@ -138,45 +205,69 @@ pub struct CouchbaseBackupRestoreObjectStoreEndpoint { /// This list accepts a certain set of parameters that will disable that data and prevent it being restored. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreServices { - /// Analytics restores analytics datasets from the backup. This field defaults to true. + /// Analytics restores analytics datasets from the backup. This field + /// defaults to true. #[serde(default, skip_serializing_if = "Option::is_none")] pub analytics: Option, - /// BucketConfig restores all bucket configuration settings. If you are restoring to cluster with managed buckets, then this option may conflict with existing bucket settings, and the results are undefined, so avoid use. This option is intended for use with unmanaged buckets. Note that bucket durability settings are not restored in versions less than and equal to 1.1.0, and will need to be manually applied. This field defaults to false. + /// BucketConfig restores all bucket configuration settings. + /// If you are restoring to cluster with managed buckets, then this + /// option may conflict with existing bucket settings, and the results + /// are undefined, so avoid use. This option is intended for use + /// with unmanaged buckets. Note that bucket durability settings are + /// not restored in versions less than and equal to 1.1.0, and will + /// need to be manually applied. This field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bucketConfig")] pub bucket_config: Option, - /// BucketQuery enables the backup of query metadata for all buckets. This field defaults to `true`. + /// BucketQuery enables the backup of query metadata for all buckets. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bucketQuery")] pub bucket_query: Option, - /// ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. This field defaults to `true`. + /// ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterAnalytics")] pub cluster_analytics: Option, - /// ClusterQuery enables the backup of cluster level query metadata. This field defaults to `true`. + /// ClusterQuery enables the backup of cluster level query metadata. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterQuery")] pub cluster_query: Option, - /// Data restores document data from the backup. This field defaults to true. + /// Data restores document data from the backup. This field defaults + /// to true. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, - /// Eventing restores eventing functions from the backup. This field defaults to true. + /// Eventing restores eventing functions from the backup. This field + /// defaults to true. #[serde(default, skip_serializing_if = "Option::is_none")] pub eventing: Option, - /// FTAlias restores full-text search aliases from the backup. This field defaults to true. + /// FTAlias restores full-text search aliases from the backup. This + /// field defaults to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ftAlias")] pub ft_alias: Option, - /// FTIndex restores full-text search indexes from the backup. This field defaults to true. + /// FTIndex restores full-text search indexes from the backup. This + /// field defaults to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ftIndex")] pub ft_index: Option, - /// GSIIndex restores document indexes from the backup. This field defaults to true. + /// GSIIndex restores document indexes from the backup. This field + /// defaults to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gsiIndex")] pub gsi_index: Option, + /// Users restores cluster level users, including their roles and permissions. This is + /// only available for Couchbase Server 7.6 and later. This field defaults to `false`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub users: Option, /// Views restores views from the backup. This field defaults to true. #[serde(default, skip_serializing_if = "Option::is_none")] pub views: Option, } -/// StagingVolume contains configuration related to the ephemeral volume used as staging when restoring from a cloud backup. +/// StagingVolume contains configuration related to the +/// ephemeral volume used as staging when restoring from a cloud backup. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreStagingVolume { - /// Size allows the specification of a staging volume. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes The ephemeral volume will only be used when restoring from a cloud provider, if the backup job was created using ephemeral storage. Otherwise the restore job will share a staging volume with the backup job. + /// Size allows the specification of a staging volume. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// The ephemeral volume will only be used when restoring from a cloud provider, + /// if the backup job was created using ephemeral storage. + /// Otherwise the restore job will share a staging volume with the backup job. #[serde(default, skip_serializing_if = "Option::is_none")] pub size: Option, /// Name of StorageClass to use. @@ -184,7 +275,9 @@ pub struct CouchbaseBackupRestoreStagingVolume { pub storage_class_name: Option, } -/// Start denotes the first backup to restore from. This may be specified as an integer index (starting from 1), a string specifying a short date DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. +/// Start denotes the first backup to restore from. This may be specified as +/// an integer index (starting from 1), a string specifying a short date +/// DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreStart { /// Int references a relative backup by index. @@ -195,21 +288,26 @@ pub struct CouchbaseBackupRestoreStart { pub str: Option, } -/// CouchbaseBackupRestoreStatus provides status indications of a restore from backup. This includes whether or not the restore is running, whether the restore succeed or not, and the duration the restore took. +/// CouchbaseBackupRestoreStatus provides status indications of a restore from +/// backup. This includes whether or not the restore is running, whether the +/// restore succeed or not, and the duration the restore took. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupRestoreStatus { /// Location of Backup Archive. #[serde(default, skip_serializing_if = "Option::is_none")] pub archive: Option, - /// Backups gives us a full list of all backups and their respective repository locations. + /// Backups gives us a full list of all backups + /// and their respective repository locations. #[serde(default, skip_serializing_if = "Option::is_none")] pub backups: Option>, - /// Duration tells us how long the last restore took. More info: https://golang.org/pkg/time/#ParseDuration + /// Duration tells us how long the last restore took. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none")] pub duration: Option, /// Failed indicates whether the most recent restore has failed. pub failed: bool, - /// DEPRECATED - field may no longer be populated. Job tells us which job is running/ran last. + /// DEPRECATED - field may no longer be populated. + /// Job tells us which job is running/ran last. #[serde(default, skip_serializing_if = "Option::is_none")] pub job: Option, /// LastFailure tells us the time the last failed restore failed. @@ -221,10 +319,12 @@ pub struct CouchbaseBackupRestoreStatus { /// LastSuccess gives us the time the last successful restore finished. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSuccess")] pub last_success: Option, - /// DEPRECATED - field may no longer be populated. Output reports useful information from the backup process. + /// DEPRECATED - field may no longer be populated. + /// Output reports useful information from the backup process. #[serde(default, skip_serializing_if = "Option::is_none")] pub output: Option, - /// DEPRECATED - field may no longer be populated. Pod tells us which pod is running/ran last. + /// DEPRECATED - field may no longer be populated. + /// Pod tells us which pod is running/ran last. #[serde(default, skip_serializing_if = "Option::is_none")] pub pod: Option, /// Repo is where we are currently performing operations. diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackups.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackups.rs index 6fb656cf0..251238a38 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackups.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebackups.rs @@ -9,7 +9,9 @@ mod prelude { } use self::prelude::*; -/// CouchbaseBackupSpec is allows the specification of how a Couchbase backup is configured, including when backups are performed, how long they are retained for, and where they are backed up to. +/// CouchbaseBackupSpec is allows the specification of how a Couchbase backup is +/// configured, including when backups are performed, how long they are retained +/// for, and where they are backed up to. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "couchbase.com", version = "v2", kind = "CouchbaseBackup", plural = "couchbasebackups")] #[kube(namespaced)] @@ -17,52 +19,78 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseBackupSpec { - /// AutoScaling allows the volume size to be dynamically increased. When specified, the backup volume will start with an initial size as defined by `spec.size`, and increase as required. + /// AutoScaling allows the volume size to be dynamically increased. + /// When specified, the backup volume will start with an initial size + /// as defined by `spec.size`, and increase as required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoScaling")] pub auto_scaling: Option, - /// Number of times a backup job should try to execute. Once it hits the BackoffLimit it will not run until the next scheduled job. + /// Number of times a backup job should try to execute. + /// Once it hits the BackoffLimit it will not run until the next scheduled job. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backoffLimit")] pub backoff_limit: Option, - /// Number of hours to hold backups for, everything older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration + /// Number of hours to hold backups for, everything older will be deleted. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "backupRetention")] pub backup_retention: Option, - /// Data allows control over what key-value/document data is included in the backup. By default, all data is included. Modifications to this field will only take effect on the next full backup. + /// Data allows control over what key-value/document data is included in the + /// backup. By default, all data is included. Modifications + /// to this field will only take effect on the next full backup. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, - /// DefaultRecoveryMethod specifies how cbbackupmgr should recover from broken backup/restore attempts. + /// DefaultRecoveryMethod specifies how cbbackupmgr should + /// recover from broken backup/restore attempts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultRecoveryMethod")] pub default_recovery_method: Option, - /// EphemeralVolume sets backup to use an ephemeral volume instead of a persistent volume. This is used when backing up to a remote cloud provider, where a persistent volume is not needed. + /// EphemeralVolume sets backup to use an ephemeral volume instead + /// of a persistent volume. This is used when backing up to a remote + /// cloud provider, where a persistent volume is not needed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ephemeralVolume")] pub ephemeral_volume: Option, /// Amount of failed jobs to keep. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failedJobsHistoryLimit")] pub failed_jobs_history_limit: Option, - /// Full is the schedule on when to take full backups. Used in Full/Incremental and FullOnly backup strategies. + /// Full is the schedule on when to take full backups. + /// Used in Full/Incremental and FullOnly backup strategies. #[serde(default, skip_serializing_if = "Option::is_none")] pub full: Option, - /// Incremental is the schedule on when to take incremental backups. Used in Full/Incremental backup strategies. + /// Incremental is the schedule on when to take incremental backups. + /// Used in Full/Incremental backup strategies. #[serde(default, skip_serializing_if = "Option::is_none")] pub incremental: Option, - /// Number of hours to hold script logs for, everything older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration + /// Number of hours to hold script logs for, everything older will be deleted. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "logRetention")] pub log_retention: Option, /// ObjectStore allows for backing up to a remote cloud storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStore")] pub object_store: Option, - /// DEPRECATED - by spec.objectStore.uri Name of S3 bucket to backup to. If non-empty this overrides local backup. + /// DEPRECATED - by spec.objectStore.uri + /// Name of S3 bucket to backup to. If non-empty this overrides local backup. #[serde(default, skip_serializing_if = "Option::is_none")] pub s3bucket: Option, - /// Services allows control over what services are included in the backup. By default, all service data and metadata are included. Modifications to this field will only take effect on the next full backup. + /// Services allows control over what services are included in the backup. + /// By default, all service data and metadata are included apart from users. + /// Modifications to this field will only take effect on the next full backup. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option, - /// Size allows the specification of a backup persistent volume, when using volume based backup. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// Size allows the specification of a backup persistent volume, when using + /// volume based backup. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none")] pub size: Option, /// Name of StorageClass to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, - /// Strategy defines how to perform backups. `full_only` will only perform full backups, and you must define a schedule in the `spec.full` field. `full_incremental` will perform periodic full backups, and incremental backups in between. You must define full and incremental schedules in the `spec.full` and `spec.incremental` fields respectively. Care should be taken to ensure full and incremental schedules do not overlap, taking into account the backup time, as this will cause failures as the jobs attempt to mount the same backup volume. This field default to `full_incremental`. Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html + /// Strategy defines how to perform backups. `full_only` will only perform full + /// backups, and you must define a schedule in the `spec.full` field. `full_incremental` + /// will perform periodic full backups, and incremental backups in between. You must + /// define full and incremental schedules in the `spec.full` and `spec.incremental` fields + /// respectively. Care should be taken to ensure full and incremental schedules do not + /// overlap, taking into account the backup time, as this will cause failures as the jobs + /// attempt to mount the same backup volume. To cause a backup to occur immediately use `immediate_incremental` + /// or `immediate_full` for incremental or full backups respectively. + /// This field default to `full_incremental`. + /// Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html #[serde(default, skip_serializing_if = "Option::is_none")] pub strategy: Option, /// Amount of successful jobs to keep. @@ -76,32 +104,61 @@ pub struct CouchbaseBackupSpec { pub ttl_seconds_after_finished: Option, } -/// AutoScaling allows the volume size to be dynamically increased. When specified, the backup volume will start with an initial size as defined by `spec.size`, and increase as required. +/// AutoScaling allows the volume size to be dynamically increased. +/// When specified, the backup volume will start with an initial size +/// as defined by `spec.size`, and increase as required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupAutoScaling { - /// IncrementPercent controls how much the volume is increased each time the threshold is exceeded, upto a maximum as defined by the limit. This field defaults to 20 if not specified. + /// IncrementPercent controls how much the volume is increased each time the + /// threshold is exceeded, upto a maximum as defined by the limit. + /// This field defaults to 20 if not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "incrementPercent")] pub increment_percent: Option, - /// Limit imposes a hard limit on the size we can autoscale to. When not specified no bounds are imposed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// Limit imposes a hard limit on the size we can autoscale to. When not + /// specified no bounds are imposed. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none")] pub limit: Option, - /// ThresholdPercent determines the point at which a volume is autoscaled. This represents the percentage of free space remaining on the volume, when less than this threshold, it will trigger a volume expansion. For example, if the volume is 100Gi, and the threshold 20%, then a resize will be triggered when the used capacity exceeds 80Gi, and free space is less than 20Gi. This field defaults to 20 if not specified. + /// ThresholdPercent determines the point at which a volume is autoscaled. + /// This represents the percentage of free space remaining on the volume, + /// when less than this threshold, it will trigger a volume expansion. + /// For example, if the volume is 100Gi, and the threshold 20%, then a resize + /// will be triggered when the used capacity exceeds 80Gi, and free space is + /// less than 20Gi. This field defaults to 20 if not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "thresholdPercent")] pub threshold_percent: Option, } -/// Data allows control over what key-value/document data is included in the backup. By default, all data is included. Modifications to this field will only take effect on the next full backup. +/// Data allows control over what key-value/document data is included in the +/// backup. By default, all data is included. Modifications +/// to this field will only take effect on the next full backup. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupData { - /// Exclude defines the buckets, scopes or collections that are excluded from the backup. When this field is set, it implies that by default everything will be backed up, and data items can be explicitly excluded. You may define an exclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Excluded data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as included items. + /// Exclude defines the buckets, scopes or collections that are excluded from the backup. + /// When this field is set, it implies that by default everything will be backed up, + /// and data items can be explicitly excluded. You may define an exclusion as a bucket + /// -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + /// Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + /// period is the separator used to delimit scopes and collections. Excluded data cannot overlap + /// e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + /// be used at the same time as included items. #[serde(default, skip_serializing_if = "Option::is_none")] pub exclude: Option>, - /// Include defines the buckets, scopes or collections that are included in the backup. When this field is set, it implies that by default nothing will be backed up, and data items must be explicitly included. You may define an inclusion as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as period is the separator used to delimit scopes and collections. Included data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot be used at the same time as excluded items. + /// Include defines the buckets, scopes or collections that are included in the backup. + /// When this field is set, it implies that by default nothing will be backed up, + /// and data items must be explicitly included. You may define an inclusion as a bucket + /// -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + /// Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + /// period is the separator used to delimit scopes and collections. Included data cannot overlap + /// e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + /// be used at the same time as excluded items. #[serde(default, skip_serializing_if = "Option::is_none")] pub include: Option>, } -/// CouchbaseBackupSpec is allows the specification of how a Couchbase backup is configured, including when backups are performed, how long they are retained for, and where they are backed up to. +/// CouchbaseBackupSpec is allows the specification of how a Couchbase backup is +/// configured, including when backups are performed, how long they are retained +/// for, and where they are backed up to. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBackupDefaultRecoveryMethod { #[serde(rename = "none")] @@ -112,14 +169,16 @@ pub enum CouchbaseBackupDefaultRecoveryMethod { Purge, } -/// Full is the schedule on when to take full backups. Used in Full/Incremental and FullOnly backup strategies. +/// Full is the schedule on when to take full backups. +/// Used in Full/Incremental and FullOnly backup strategies. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupFull { /// Schedule takes a cron schedule in string format. pub schedule: String, } -/// Incremental is the schedule on when to take incremental backups. Used in Full/Incremental backup strategies. +/// Incremental is the schedule on when to take incremental backups. +/// Used in Full/Incremental backup strategies. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupIncremental { /// Schedule takes a cron schedule in string format. @@ -129,102 +188,145 @@ pub struct CouchbaseBackupIncremental { /// ObjectStore allows for backing up to a remote cloud storage. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupObjectStore { - /// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. If set will override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + /// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. + /// If set will override `CouchbaseCluster.spec.backup.objectEndpoint` + /// See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, - /// ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + /// ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. + /// These correspond to the fields used by cbbackupmgr + /// https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// URI is a reference to a remote object store. This is the prefix of the object store and the bucket name. i.e s3://bucket, az://bucket or gs://bucket. + /// URI is a reference to a remote object store. + /// This is the prefix of the object store and the bucket name. + /// i.e s3://bucket, az://bucket or gs://bucket. #[serde(default, skip_serializing_if = "Option::is_none")] pub uri: Option, - /// Whether to allow the backup SDK to attempt to authenticate using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`. + /// Whether to allow the backup SDK to attempt to authenticate + /// using the instance metadata api. + /// If set, will override `CouchbaseCluster.spec.backup.useIAM`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useIAM")] pub use_iam: Option, } -/// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. If set will override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores +/// Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. +/// If set will override `CouchbaseCluster.spec.backup.objectEndpoint` +/// See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupObjectStoreEndpoint { - /// The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" + /// The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint + /// The secret must have the key with the name "tls.crt" #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, /// The host/address of the custom object endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, - /// UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores. + /// UseVirtualPath will force the AWS SDK to use the new virtual style paths + /// which are often required by S3 compatible object stores. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useVirtualPath")] pub use_virtual_path: Option, } -/// Services allows control over what services are included in the backup. By default, all service data and metadata are included. Modifications to this field will only take effect on the next full backup. +/// Services allows control over what services are included in the backup. +/// By default, all service data and metadata are included apart from users. +/// Modifications to this field will only take effect on the next full backup. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupServices { - /// Analytics enables the backup of analytics data. This field defaults to `true`. + /// Analytics enables the backup of analytics data. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none")] pub analytics: Option, - /// BucketConfig enables the backup of bucket configuration. This field defaults to `true`. + /// BucketConfig enables the backup of bucket configuration. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bucketConfig")] pub bucket_config: Option, - /// BucketQuery enables the backup of query metadata for all buckets. This field defaults to `true`. + /// BucketQuery enables the backup of query metadata for all buckets. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bucketQuery")] pub bucket_query: Option, - /// ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. This field defaults to `true`. + /// ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterAnalytics")] pub cluster_analytics: Option, - /// ClusterQuery enables the backup of cluster level query metadata. This field defaults to `true`. + /// ClusterQuery enables the backup of cluster level query metadata. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterQuery")] pub cluster_query: Option, - /// Data enables the backup of key-value data/documents for all buckets. This can be further refined with the couchbasebackups.spec.data configuration. This field defaults to `true`. + /// Data enables the backup of key-value data/documents for all buckets. + /// This can be further refined with the couchbasebackups.spec.data configuration. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, - /// Eventing enables the backup of eventing service metadata. This field defaults to `true`. + /// Eventing enables the backup of eventing service metadata. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none")] pub eventing: Option, - /// FTSAliases enables the backup of full-text search alias definitions. This field defaults to `true`. + /// FTSAliases enables the backup of full-text search alias definitions. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ftsAliases")] pub fts_aliases: Option, - /// FTSIndexes enables the backup of full-text search index definitions for all buckets. This field defaults to `true`. + /// FTSIndexes enables the backup of full-text search index definitions for all buckets. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ftsIndexes")] pub fts_indexes: Option, - /// GSIndexes enables the backup of global secondary index definitions for all buckets. This field defaults to `true`. + /// GSIndexes enables the backup of global secondary index definitions for all buckets. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gsIndexes")] pub gs_indexes: Option, - /// Views enables the backup of view definitions for all buckets. This field defaults to `true`. + /// Users enables the backup of users including their roles and permissions. This is + /// only available for Couchbase Server 7.6 and later. This field defaults to `false`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub users: Option, + /// Views enables the backup of view definitions for all buckets. + /// This field defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none")] pub views: Option, } -/// CouchbaseBackupSpec is allows the specification of how a Couchbase backup is configured, including when backups are performed, how long they are retained for, and where they are backed up to. +/// CouchbaseBackupSpec is allows the specification of how a Couchbase backup is +/// configured, including when backups are performed, how long they are retained +/// for, and where they are backed up to. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBackupStrategy { #[serde(rename = "full_incremental")] FullIncremental, #[serde(rename = "full_only")] FullOnly, + #[serde(rename = "immediate_incremental")] + ImmediateIncremental, + #[serde(rename = "immediate_full")] + ImmediateFull, } -/// CouchbaseBackupStatus provides status notifications about the Couchbase backup including when the last backup occurred, whether is succeeded or not, the run time of the backup and the size of the backup. +/// CouchbaseBackupStatus provides status notifications about the Couchbase backup +/// including when the last backup occurred, whether is succeeded or not, the run +/// time of the backup and the size of the backup. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBackupStatus { /// Location of Backup Archive. #[serde(default, skip_serializing_if = "Option::is_none")] pub archive: Option, - /// Backups gives us a full list of all backups and their respective repository locations. + /// Backups gives us a full list of all backups + /// and their respective repository locations. #[serde(default, skip_serializing_if = "Option::is_none")] pub backups: Option>, - /// CapacityUsed tells us how much of the PVC we are using. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// CapacityUsed tells us how much of the PVC we are using. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "capacityUsed")] pub capacity_used: Option, - /// DEPRECATED - field may no longer be populated. Cronjob tells us which Cronjob the job belongs to. + /// DEPRECATED - field may no longer be populated. + /// Cronjob tells us which Cronjob the job belongs to. #[serde(default, skip_serializing_if = "Option::is_none")] pub cronjob: Option, - /// Duration tells us how long the last backup took. More info: https://golang.org/pkg/time/#ParseDuration + /// Duration tells us how long the last backup took. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none")] pub duration: Option, /// Failed indicates whether the most recent backup has failed. pub failed: bool, - /// DEPRECATED - field may no longer be populated. Job tells us which job is running/ran last. + /// DEPRECATED - field may no longer be populated. + /// Job tells us which job is running/ran last. #[serde(default, skip_serializing_if = "Option::is_none")] pub job: Option, /// LastFailure tells us the time the last failed backup failed. @@ -236,10 +338,12 @@ pub struct CouchbaseBackupStatus { /// LastSuccess gives us the time the last successful backup finished. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSuccess")] pub last_success: Option, - /// DEPRECATED - field may no longer be populated. Output reports useful information from the backup_script. + /// DEPRECATED - field may no longer be populated. + /// Output reports useful information from the backup_script. #[serde(default, skip_serializing_if = "Option::is_none")] pub output: Option, - /// DEPRECATED - field may no longer be populated. Pod tells us which pod is running/ran last. + /// DEPRECATED - field may no longer be populated. + /// Pod tells us which pod is running/ran last. #[serde(default, skip_serializing_if = "Option::is_none")] pub pod: Option, /// Repo is where we are currently performing operations. diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebuckets.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebuckets.rs index 3a23f9d5e..3148d313b 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebuckets.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasebuckets.rs @@ -10,7 +10,8 @@ mod prelude { } use self::prelude::*; -/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and +/// allows the bucket to be customized. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "couchbase.com", version = "v2", kind = "CouchbaseBucket", plural = "couchbasebuckets")] #[kube(namespaced)] @@ -18,48 +19,110 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseBucketSpec { - /// CompressionMode defines how Couchbase server handles document compression. When off, documents are stored in memory, and transferred to the client uncompressed. When passive, documents are stored compressed in memory, and transferred to the client compressed when requested. When active, documents are stored compresses in memory and when transferred to the client. This field must be "off", "passive" or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so must be quoted as a string in configuration files. + /// CompressionMode defines how Couchbase server handles document compression. When + /// off, documents are stored in memory, and transferred to the client uncompressed. + /// When passive, documents are stored compressed in memory, and transferred to the + /// client compressed when requested. When active, documents are stored compresses + /// in memory and when transferred to the client. This field must be "off", "passive" + /// or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so + /// must be quoted as a string in configuration files. #[serde(default, skip_serializing_if = "Option::is_none", rename = "compressionMode")] pub compression_mode: Option, - /// ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number based resolution selects the document with the highest sequence number as the most recent. Timestamp based resolution selects the document that was written to most recently as the most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), defaulting to "seqno". + /// ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number + /// based resolution selects the document with the highest sequence number as the most recent. + /// Timestamp based resolution selects the document that was written to most recently as the + /// most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), + /// defaulting to "seqno". #[serde(default, skip_serializing_if = "Option::is_none", rename = "conflictResolution")] pub conflict_resolution: Option, - /// EnableFlush defines whether a client can delete all documents in a bucket. This field defaults to false. + /// EnableFlush defines whether a client can delete all documents in a bucket. + /// This field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFlush")] pub enable_flush: Option, - /// EnableIndexReplica defines whether indexes for this bucket are replicated. This field defaults to false. + /// EnableIndexReplica defines whether indexes for this bucket are replicated. + /// This field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableIndexReplica")] pub enable_index_replica: Option, - /// EvictionPolicy controls how Couchbase handles memory exhaustion. Value only eviction flushes documents to disk but maintains document metadata in memory in order to improve query performance. Full eviction removes all data from memory after the document is flushed to disk. This field must be "valueOnly" or "fullEviction", defaulting to "valueOnly". + /// EvictionPolicy controls how Couchbase handles memory exhaustion. Value only eviction + /// flushes documents to disk but maintains document metadata in memory in order to improve + /// query performance. Full eviction removes all data from memory after the document is + /// flushed to disk. This field must be "valueOnly" or "fullEviction", defaulting to + /// "valueOnly". #[serde(default, skip_serializing_if = "Option::is_none", rename = "evictionPolicy")] pub eviction_policy: Option, - /// IOPriority controls how many threads a bucket has, per pod, to process reads and writes. This field must be "low" or "high", defaulting to "low". Modification of this field will cause a temporary service disruption as threads are restarted. + /// IOPriority controls how many threads a bucket has, per pod, to process reads and writes. + /// This field must be "low" or "high", defaulting to "low". Modification of this field will + /// cause a temporary service disruption as threads are restarted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ioPriority")] pub io_priority: Option, - /// MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This is a default and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration + /// MaxTTL defines how long a document is permitted to exist for, without + /// modification, until it is automatically deleted. This is a default and maximum + /// time-to-live and may be set to a lower value by the client. If the client specifies + /// a higher value, then it is truncated to the maximum durability. Documents are + /// removed by Couchbase, after they have expired, when either accessed, the expiry + /// pager is run, or the bucket is compacted. When set to 0, then documents are not + /// expired by default. This field must be a duration in the range 0-2147483648s, + /// defaulting to 0. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxTTL")] pub max_ttl: Option, - /// MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, documents will be evicted from memory to disk as defined by the eviction policy. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, + /// documents will be evicted from memory to disk as defined by the eviction policy. The + /// memory quota is defined per Couchbase pod running the data service. This field defaults + /// to, and must be greater than or equal to 100Mi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryQuota")] pub memory_quota: Option, - /// MiniumumDurability defines how durable a document write is by default, and can be made more durable by the client. This feature enables ACID transactions. When none, Couchbase server will respond when the document is in memory, it will become eventually consistent across the cluster. When majority, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster. When majorityAndPersistActive, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster and the document has been persisted to disk on the document master pod. When persistToMajority, Couchbase server will respond when the document is replicated and persisted to disk on at least half of the pods running the data service in the cluster. This field must be either "none", "majority", "majorityAndPersistActive" or "persistToMajority", defaulting to "none". + /// MiniumumDurability defines how durable a document write is by default, and can + /// be made more durable by the client. This feature enables ACID transactions. + /// When none, Couchbase server will respond when the document is in memory, it will + /// become eventually consistent across the cluster. When majority, Couchbase server will + /// respond when the document is replicated to at least half of the pods running the + /// data service in the cluster. When majorityAndPersistActive, Couchbase server will + /// respond when the document is replicated to at least half of the pods running the + /// data service in the cluster and the document has been persisted to disk on the + /// document master pod. When persistToMajority, Couchbase server will respond when + /// the document is replicated and persisted to disk on at least half of the pods running + /// the data service in the cluster. This field must be either "none", "majority", + /// "majorityAndPersistActive" or "persistToMajority", defaulting to "none". #[serde(default, skip_serializing_if = "Option::is_none", rename = "minimumDurability")] pub minimum_durability: Option, - /// Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + /// Name is the name of the bucket within Couchbase server. By default the Operator + /// will use the `metadata.name` field to define the bucket name. The `metadata.name` + /// field only supports a subset of the supported character set. When specified, this + /// field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Replicas defines how many copies of documents Couchbase server maintains. This directly affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster can tolerate one data pod going down and still service requests without data loss. The number of replicas also affect memory use. With a single replica, the effective memory quota for documents is halved, with two replicas it is one third. The number of replicas must be between 0 and 3, defaulting to 1. + /// Rank determines the bucket’s place in the order in which the rebalance process + /// handles the buckets on the cluster. The higher a bucket’s assigned integer + /// (in relation to the integers assigned other buckets), the sooner in the + /// rebalance process the bucket is handled. This assignment of rank allows a + /// cluster’s most mission-critical data to be rebalanced with top priority. + /// This option is only supported for Couchbase Server 7.6.0+. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rank: Option, + /// Replicas defines how many copies of documents Couchbase server maintains. This directly + /// affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster + /// can tolerate one data pod going down and still service requests without data loss. The + /// number of replicas also affect memory use. With a single replica, the effective memory + /// quota for documents is halved, with two replicas it is one third. The number of replicas + /// must be between 0 and 3, defaulting to 1. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, - /// Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. + /// Scopes defines whether the Operator manages scopes for the bucket or not, and + /// the set of scopes defined for the bucket. #[serde(default, skip_serializing_if = "Option::is_none")] pub scopes: Option, - /// StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". This cannot be edited after bucket creation. Note: "magma" is only valid for Couchbase Server 7.1.0 onward. + /// StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. + /// Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". + /// Note: "magma" is only valid for Couchbase Server 7.1.0 onward. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageBackend")] pub storage_backend: Option, } -/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and +/// allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBucketCompressionMode { #[serde(rename = "off")] @@ -70,7 +133,8 @@ pub enum CouchbaseBucketCompressionMode { Active, } -/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and +/// allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBucketConflictResolution { #[serde(rename = "seqno")] @@ -79,7 +143,8 @@ pub enum CouchbaseBucketConflictResolution { Lww, } -/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and +/// allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBucketEvictionPolicy { #[serde(rename = "valueOnly")] @@ -88,7 +153,8 @@ pub enum CouchbaseBucketEvictionPolicy { FullEviction, } -/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and +/// allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBucketIoPriority { #[serde(rename = "low")] @@ -97,7 +163,8 @@ pub enum CouchbaseBucketIoPriority { High, } -/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and +/// allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBucketMinimumDurability { #[serde(rename = "none")] @@ -110,26 +177,45 @@ pub enum CouchbaseBucketMinimumDurability { PersistToMajority, } -/// Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. +/// Scopes defines whether the Operator manages scopes for the bucket or not, and +/// the set of scopes defined for the bucket. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBucketScopes { - /// Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present. + /// Managed defines whether scopes are managed for this bucket. + /// This field is `false` by default, and the Operator will take no actions that + /// will affect scopes and collections in this bucket. The default scope and + /// collection will be present. When set to `true`, the Operator will manage + /// user defined scopes, and optionally, their collections as defined by the + /// `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and + /// `CouchbaseCollectionGroup` resource documentation. If this field is set to + /// `false` while the already managed, then the Operator will leave whatever + /// configuration is already present. #[serde(default, skip_serializing_if = "Option::is_none")] pub managed: Option, - /// Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. + /// Resources is an explicit list of named resources that will be considered + /// for inclusion in this bucket. If a resource reference doesn't + /// match a resource, then no error conditions are raised due to undefined + /// resource creation ordering and eventual consistency. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta + /// Selector allows resources to be implicitly considered for inclusion in this + /// bucket. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBucketScopesResources { - /// Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseScope` and `CouchbaseScopeGroup` resource kinds. This field defaults to `CouchbaseScope` if not specified. + /// Kind indicates the kind of resource that is being referenced. A scope + /// can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + /// resource kinds. This field defaults to `CouchbaseScope` if not + /// specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name is the name of the Kubernetes resource name that is being referenced. Legal scope names have a maximum length of 251 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + /// Name is the name of the Kubernetes resource name that is being referenced. + /// Legal scope names have a maximum length of 251 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". pub name: String, } @@ -139,30 +225,40 @@ pub enum CouchbaseBucketScopesResourcesKind { CouchbaseScopeGroup, } -/// Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +/// Selector allows resources to be implicitly considered for inclusion in this +/// bucket. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBucketScopesSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseBucketScopesSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and +/// allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseBucketStorageBackend { #[serde(rename = "couchstore")] diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseclusters.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseclusters.rs index 57caa1206..f2b9046fb 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseclusters.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseclusters.rs @@ -12,7 +12,8 @@ mod prelude { } use self::prelude::*; -/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows the cluster to be customized. +/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows +/// the cluster to be customized. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "couchbase.com", version = "v2", kind = "CouchbaseCluster", plural = "couchbaseclusters")] #[kube(namespaced)] @@ -20,106 +21,225 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseClusterSpec { - /// AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters. + /// AntiAffinity forces the Operator to schedule different Couchbase server pods on + /// different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable + /// failure in the event of a node issue. Use of anti-affinity is highly recommended for + /// production clusters. #[serde(default, skip_serializing_if = "Option::is_none", rename = "antiAffinity")] pub anti_affinity: Option, - /// AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in `spec.cluster`, plus an overhead defined by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the `spec.servers.resources` field. + /// AutoResourceAllocation populates pod resource requests based on the services running + /// on that pod. When enabled, this feature will calculate the memory request as the + /// total of service allocations defined in `spec.cluster`, plus an overhead defined + /// by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for + /// a service will cause a cluster upgrade as allocations are modified in the underlying + /// pods. This field also allows default pod CPU requests and limits to be applied. + /// All resource allocations can be overridden by explicitly configuring them in the + /// `spec.servers.resources` field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoResourceAllocation")] pub auto_resource_allocation: Option, - /// AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. - /// Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration A value of 0, puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance. + /// AutoscaleStabilizationPeriod defines how long after a rebalance the + /// corresponding HorizontalPodAutoscaler should remain in maintenance mode. + /// During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler + /// associated with the cluster becomes inactive. + /// Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, + /// setting a stabilization period helps to prevent scaling recommendations from the + /// HorizontalPodAutoscaler for a provided period of time. + /// + /// + /// Values must be a valid Kubernetes duration of 0s or higher: + /// https://golang.org/pkg/time/#ParseDuration + /// A value of 0, puts the cluster in maintenance mode during rebalance but + /// immediately exits this mode once the rebalance has completed. + /// When undefined, the HPA is never put into maintenance mode during rebalance. #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoscaleStabilizationPeriod")] pub autoscale_stabilization_period: Option, - /// Backup defines whether the Operator should manage automated backups, and how to lookup backup resources. + /// Backup defines whether the Operator should manage automated backups, and how + /// to lookup backup resources. #[serde(default, skip_serializing_if = "Option::is_none")] pub backup: Option, - /// Buckets defines whether the Operator should manage buckets, and how to lookup bucket resources. + /// Buckets defines whether the Operator should manage buckets, and how to lookup + /// bucket resources. #[serde(default, skip_serializing_if = "Option::is_none")] pub buckets: Option, - /// ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings. + /// ClusterSettings define Couchbase cluster-wide settings such as memory allocation, + /// failover characteristics and index settings. #[serde(default, skip_serializing_if = "Option::is_none")] pub cluster: Option, - /// EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim - /// If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims + /// EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. + /// You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. + /// Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to + /// expand the volumes which are actively bound to Pods. + /// Volumes can only be expanded and not reduced to a smaller size. + /// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim + /// + /// + /// If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does + /// not actually support online volume and file system expansion then the cluster will fallback to + /// rolling upgrade procedure to create a new set of Pods for use with resized Volumes. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableOnlineVolumeExpansion")] pub enable_online_volume_expansion: Option, - /// DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services. EnablePreviewScaling enables autoscaling for stateful services and buckets. + /// DEPRECATED - This option only exists for backwards compatibility and no longer + /// restricts autoscaling to ephemeral services. + /// EnablePreviewScaling enables autoscaling for stateful services and buckets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enablePreviewScaling")] pub enable_preview_scaling: Option, - /// EnvImagePrecedence gives precedence over the default container image name in `spec.Image` to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html + /// EnvImagePrecedence gives precedence over the default container image name in + /// `spec.Image` to an image name provided through Operator environment variables. + /// For more info on using Operator environment variables: + /// https://docs.couchbase.com/operator/current/reference-operator-configuration.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "envImagePrecedence")] pub env_image_precedence: Option, /// Hibernate is whether to hibernate the cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub hibernate: Option, - /// HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false. + /// HibernationStrategy defines how to hibernate the cluster. When Immediate + /// the Operator will immediately delete all pods and take no further action until + /// the hibernate field is set to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hibernationStrategy")] pub hibernation_strategy: Option, - /// Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. + /// Image is the container image name that will be used to launch Couchbase + /// server instances. Updating this field will cause an automatic upgrade of + /// the cluster. Explicitly specifying the image for a server class will override + /// this value for the server class. pub image: String, /// Logging defines Operator logging options. #[serde(default, skip_serializing_if = "Option::is_none")] pub logging: Option, - /// Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. + /// DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ + /// Monitoring defines any Operator managed integration into 3rd party monitoring + /// infrastructure. #[serde(default, skip_serializing_if = "Option::is_none")] pub monitoring: Option, - /// Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. + /// Networking defines Couchbase cluster networking options such as network + /// topology, TLS and DDNS settings. #[serde(default, skip_serializing_if = "Option::is_none")] pub networking: Option, - /// Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action. + /// OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes + /// for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. + /// Value must be between 0 and 30. + /// If no value is provided, then it defaults to 10 minutes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "onlineVolumeExpansionTimeoutInMins")] + pub online_volume_expansion_timeout_in_mins: Option, + /// Paused is to pause the control of the operator for the Couchbase cluster. + /// This does not pause the cluster itself, instead stopping the operator from + /// taking any action. #[serde(default, skip_serializing_if = "Option::is_none")] pub paused: Option, - /// Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure". + /// Platform gives a hint as to what platform we are running on and how + /// to configure services. This field must be one of "aws", "gke" or "azure". #[serde(default, skip_serializing_if = "Option::is_none")] pub platform: Option, - /// RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity". + /// RecoveryPolicy controls how aggressive the Operator is when recovering cluster + /// topology. When PrioritizeDataIntegrity, the Operator will delegate failover + /// exclusively to Couchbase server, relying on it to only allow recovery when safe to + /// do so. When PrioritizeUptime, the Operator will wait for a period after the + /// expected auto-failover of the cluster, before forcefully failing-over the pods. + /// This may cause data loss, and is only expected to be used on clusters with ephemeral + /// data, where the loss of the pod means that the data is known to be unrecoverable. + /// This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting + /// to "PrioritizeDataIntegrity". #[serde(default, skip_serializing_if = "Option::is_none", rename = "recoveryPolicy")] pub recovery_policy: Option, - /// When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased. + /// When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod + /// at a time. If this field is specified then that number can be increased. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpgrade")] pub rolling_upgrade: Option, - /// Security defines Couchbase cluster security options such as the administrator account username and password, and user RBAC settings. + /// Security defines Couchbase cluster security options such as the administrator + /// account username and password, and user RBAC settings. pub security: CouchbaseClusterSecurity, - /// DEPRECATED - by spec.security.securityContext SecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + /// DEPRECATED - by spec.security.securityContext + /// SecurityContext allows the configuration of the security context for all + /// Couchbase server pods. When using persistent volumes you may need to set + /// the fsGroup field in order to write to the volume. For non-root clusters + /// you must also set runAsUser to 1000, corresponding to the Couchbase user + /// in official container images. More info: + /// https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, - /// ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key "topology.kubernetes.io/zone", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the "topology.kubernetes.io/zone" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups. + /// ServerGroups define the set of availability zones you want to distribute + /// pods over, and construct Couchbase server groups for. By default, most + /// cloud providers will label nodes with the key "topology.kubernetes.io/zone", + /// the values associated with that key are used here to provide explicit + /// scheduling by the Operator. You may manually label nodes using the + /// "topology.kubernetes.io/zone" key, to provide failure-domain + /// aware scheduling when none is provided for you. Global server groups are + /// applied to all server classes, and may be overridden on a per-server class + /// basis to give more control over scheduling and server groups. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverGroups")] pub server_groups: Option>, - /// Servers defines server classes for the Operator to provision and manage. A server class defines what services are running and how many members make up that class. Specifying multiple server classes allows the Operator to provision clusters with Multi-Dimensional Scaling (MDS). At least one server class must be defined, and at least one server class must be running the data service. + /// Servers defines server classes for the Operator to provision and manage. + /// A server class defines what services are running and how many members make + /// up that class. Specifying multiple server classes allows the Operator to + /// provision clusters with Multi-Dimensional Scaling (MDS). At least one server + /// class must be defined, and at least one server class must be running the data + /// service. pub servers: Vec, - /// SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. + /// SoftwareUpdateNotifications enables software update notifications in the UI. + /// When enabled, the UI will alert when a Couchbase server upgrade is available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "softwareUpdateNotifications")] pub software_update_notifications: Option, - /// UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". + /// UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. + /// When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or + /// ImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will + /// perform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy + /// is set to ImmediateUpgrade. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeProcess")] + pub upgrade_process: Option, + /// UpgradeStrategy controls how aggressive the Operator is when performing a cluster + /// upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This + /// strategy is slower, however less disruptive. When an immediate upgrade strategy is + /// requested, all pods are upgraded at the same time. This strategy is faster, but more + /// disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting + /// to "RollingUpgrade". #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeStrategy")] pub upgrade_strategy: Option, - /// VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. + /// VolumeClaimTemplates define the desired characteristics of a volume + /// that can be requested/claimed by a pod, for example the storage class to + /// use and the volume size. Volume claim templates are referred to by name + /// by server class volume mount configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] pub volume_claim_templates: Option>, - /// XDCR defines whether the Operator should manage XDCR, remote clusters and how to lookup replication resources. + /// XDCR defines whether the Operator should manage XDCR, remote clusters and how + /// to lookup replication resources. #[serde(default, skip_serializing_if = "Option::is_none")] pub xdcr: Option, } -/// AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in `spec.cluster`, plus an overhead defined by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the `spec.servers.resources` field. +/// AutoResourceAllocation populates pod resource requests based on the services running +/// on that pod. When enabled, this feature will calculate the memory request as the +/// total of service allocations defined in `spec.cluster`, plus an overhead defined +/// by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for +/// a service will cause a cluster upgrade as allocations are modified in the underlying +/// pods. This field also allows default pod CPU requests and limits to be applied. +/// All resource allocations can be overridden by explicitly configuring them in the +/// `spec.servers.resources` field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterAutoResourceAllocation { - /// CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// CPULimits automatically populates the CPU limits across all Couchbase + /// server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU + /// limit for a particular server class will override this value. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuLimits")] pub cpu_limits: Option, - /// CPURequests automatically populates the CPU requests across all Couchbase server pods. The default value of "2", is the minimum recommended number of CPUs required to run Couchbase Server. Explicitly specifying the CPU request for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// CPURequests automatically populates the CPU requests across all Couchbase + /// server pods. The default value of "2", is the minimum recommended number of + /// CPUs required to run Couchbase Server. Explicitly specifying the CPU request + /// for a particular server class will override this value. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuRequests")] pub cpu_requests: Option, /// Enabled defines whether auto-resource allocation is enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, - /// OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%. + /// OverheadPercent defines the amount of memory above that required for individual + /// services on a pod. For Couchbase Server this should be approximately 25%. #[serde(default, skip_serializing_if = "Option::is_none", rename = "overheadPercent")] pub overhead_percent: Option, } -/// Backup defines whether the Operator should manage automated backups, and how to lookup backup resources. +/// Backup defines whether the Operator should manage automated backups, and how +/// to lookup backup resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBackup { /// Annotations defines additional annotations to appear on the backup/restore pods. @@ -127,7 +247,8 @@ pub struct CouchbaseClusterBackup { pub annotations: Option>, /// The Backup Image to run on backup pods. pub image: String, - /// ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones. + /// ImagePullSecrets allow you to use an image from private + /// repositories and non-dockerhub ones. #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullSecrets")] pub image_pull_secrets: Option>, /// Labels defines additional labels to appear on the backup/restore pods. @@ -136,185 +257,309 @@ pub struct CouchbaseClusterBackup { /// Managed defines whether backups are managed by us or the clients. #[serde(default, skip_serializing_if = "Option::is_none")] pub managed: Option, - /// NodeSelector defines which nodes to constrain the pods that run any backup and restore operations to. + /// NodeSelector defines which nodes to constrain the pods that + /// run any backup and restore operations to. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store. + /// Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint + /// ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectEndpoint")] pub object_endpoint: Option, - /// Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. + /// Resources is the resource requirements for the backup and restore + /// containers. Will be populated by defaults if not specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the `spec.s3bucket` field is specified for a backup or restore resource. + /// Deprecated: by CouchbaseBackup.spec.objectStore.secret + /// S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. + /// This field must be popluated when the `spec.s3bucket` field is specified + /// for a backup or restore resource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "s3Secret")] pub s3_secret: Option, - /// Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels. + /// Selector allows CouchbaseBackup and CouchbaseBackupRestore + /// resources to be filtered based on labels. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// The Service Account to run backup (and restore) pods under. Without this backup pods will not be able to update status. + /// The Service Account to run backup (and restore) pods under. + /// Without this backup pods will not be able to update status. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] pub service_account_name: Option, /// Tolerations specifies all backup and restore pod tolerations. #[serde(default, skip_serializing_if = "Option::is_none")] pub tolerations: Option>, - /// Deprecated: by CouchbaseBackup.spec.objectStore.useIAM UseIAMRole enables backup to fetch EC2 instance metadata. This allows the AWS SDK to use the EC2's IAM Role for S3 access. UseIAMRole will ignore credentials in s3Secret. + /// Deprecated: by CouchbaseBackup.spec.objectStore.useIAM + /// UseIAMRole enables backup to fetch EC2 instance metadata. + /// This allows the AWS SDK to use the EC2's IAM Role for S3 access. + /// UseIAMRole will ignore credentials in s3Secret. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useIAMRole")] pub use_iam_role: Option, } -/// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +/// LocalObjectReference contains enough information to let you locate the +/// referenced object inside the same namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBackupImagePullSecrets { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store. +/// Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint +/// ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBackupObjectEndpoint { - /// The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" + /// The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint + /// The secret must have the key with the name "tls.crt" #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, /// The host/address of the custom object endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, - /// UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores. + /// UseVirtualPath will force the AWS SDK to use the new virtual style paths + /// which are often required by S3 compatible object stores. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useVirtualPath")] pub use_virtual_path: Option, } -/// Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. +/// Resources is the resource requirements for the backup and restore +/// containers. Will be populated by defaults if not specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBackupResources { - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } -/// Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterBackupResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Selector allows CouchbaseBackup and CouchbaseBackupRestore +/// resources to be filtered based on labels. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBackupSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBackupSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBackupTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } -/// Buckets defines whether the Operator should manage buckets, and how to lookup bucket resources. +/// Buckets defines whether the Operator should manage buckets, and how to lookup +/// bucket resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBuckets { - /// Managed defines whether buckets are managed by the Operator (true), or user managed (false). When Operator managed, all buckets must be defined with either CouchbaseBucket, CouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition of buckets will be reverted by the Operator. When user managed, the Operator will not interrogate buckets at all. This field defaults to false. + /// Managed defines whether buckets are managed by the Operator (true), or user managed (false). + /// When Operator managed, all buckets must be defined with either CouchbaseBucket, + /// CouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition + /// of buckets will be reverted by the Operator. When user managed, the Operator + /// will not interrogate buckets at all. This field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none")] pub managed: Option, - /// Selector is a label selector used to list buckets in the namespace that are managed by the Operator. + /// Selector is a label selector used to list buckets in the namespace + /// that are managed by the Operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with `spec.buckets.managed` being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the `spec.buckets.selector` field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` status condition. You may then safely set `spec.buckets.managed` to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the `cao save` and `cao restore` CLI commands. + /// Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as + /// Kubernetes resources by the Operator. This feature is intended for development only + /// and should not be used for production workloads. The synchronization workflow starts + /// with `spec.buckets.managed` being set to false, the user can manually create buckets, + /// scopes, and collections using the Couchbase UI, or other tooling. When you wish to + /// commit to Kubernetes resources, you must specify a unique label selector in the + /// `spec.buckets.selector` field, and this field is set to true. The Operator will + /// create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` + /// status condition. Synchronizing will not create a Kubernetes resource for the Couchbase + /// Server maintained _system scope. You may then safely set `spec.buckets.managed` to + /// true and the Operator will manage these resources as per usual. To update an already + /// managed data topology, you must first set it to unmanaged, make any changes, and delete + /// any old resources, then follow the standard synchronization workflow. The Operator + /// can not, and will not, ever delete, or make modifications to resource specifications + /// that are intended to be user managed, or managed by a life cycle management tool. These + /// actions must be instigated by an end user. For a more complete experience, refer to + /// the documentation for the `cao save` and `cao restore` CLI commands. #[serde(default, skip_serializing_if = "Option::is_none")] pub synchronize: Option, } -/// Selector is a label selector used to list buckets in the namespace that are managed by the Operator. +/// Selector is a label selector used to list buckets in the namespace +/// that are managed by the Operator. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBucketsSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterBucketsSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings. +/// ClusterSettings define Couchbase cluster-wide settings such as memory allocation, +/// failover characteristics and index settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterCluster { - /// AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. + /// This value is per-pod, and only applicable to pods belonging to server classes running + /// the analytics service. This field must be a quantity greater than or equal to 1Gi. This + /// field defaults to 1Gi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "analyticsServiceMemoryQuota")] pub analytics_service_memory_quota: Option, - /// AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run. + /// AutoCompaction allows the configuration of auto-compaction, including on what + /// conditions disk space is reclaimed and when it is allowed to run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoCompaction")] pub auto_compaction: Option, - /// AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server will allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0 default is 1. + /// AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server + /// will allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0 + /// default is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoFailoverMaxCount")] pub auto_failover_max_count: Option, - /// AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod if a disk issue was detected. + /// AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod + /// if a disk issue was detected. #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoFailoverOnDataDiskIssues")] pub auto_failover_on_data_disk_issues: Option, - /// AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors before failing over a faulty disk. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration + /// AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors + /// before failing over a faulty disk. This field must be in the range 5-3600s, defaulting + /// to 120s. More info: https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoFailoverOnDataDiskIssuesTimePeriod")] pub auto_failover_on_data_disk_issues_time_period: Option, - /// AutoFailoverServerGroup whether to enable failing over a server group. This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API + /// AutoFailoverServerGroup whether to enable failing over a server group. + /// This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoFailoverServerGroup")] pub auto_failover_server_group: Option, - /// AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration + /// AutoFailoverTimeout defines how long Couchbase server will wait between a pod + /// being witnessed as down, until when it will failover the pod. Couchbase server + /// will only failover pods if it deems it safe to do so, and not result in data + /// loss. This field must be in the range 5-3600s, defaulting to 120s. + /// More info: https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoFailoverTimeout")] pub auto_failover_timeout: Option, - /// ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource's metadata. + /// ClusterName defines the name of the cluster, as displayed in the Couchbase UI. + /// By default, the cluster name is that specified in the CouchbaseCluster resource's + /// metadata. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterName")] pub cluster_name: Option, /// Data allows the data service to be configured. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, - /// DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// DataServiceMemQuota is the amount of memory that should be allocated to the data service. + /// This value is per-pod, and only applicable to pods belonging to server classes running + /// the data service. This field must be a quantity greater than or equal to 256Mi. This + /// field defaults to 256Mi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataServiceMemoryQuota")] pub data_service_memory_quota: Option, - /// EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. + /// This value is per-pod, and only applicable to pods belonging to server classes running + /// the eventing service. This field must be a quantity greater than or equal to 256Mi. This + /// field defaults to 256Mi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "eventingServiceMemoryQuota")] pub eventing_service_memory_quota: Option, - /// IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// IndexServiceMemQuota is the amount of memory that should be allocated to the index service. + /// This value is per-pod, and only applicable to pods belonging to server classes running + /// the index service. This field must be a quantity greater than or equal to 256Mi. This + /// field defaults to 256Mi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "indexServiceMemoryQuota")] pub index_service_memory_quota: Option, - /// DEPRECATED - by indexer. The index storage mode to use for secondary indexing. This field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster. + /// DEPRECATED - by indexer. + /// The index storage mode to use for secondary indexing. This field must be one of + /// "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is + /// immutable and cannot be changed unless there are no server classes running the + /// index service in the cluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "indexStorageSetting")] pub index_storage_setting: Option, /// Indexer allows the indexer to be configured. @@ -323,27 +568,41 @@ pub struct CouchbaseClusterCluster { /// Query allows the query service to be configured. #[serde(default, skip_serializing_if = "Option::is_none")] pub query: Option, - /// QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled, + /// and is used to define the amount of memory reserved by the query service for use with + /// Kubernetes resource scheduling. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// In CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster. + /// The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory + /// usage may exceed this value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryServiceMemoryQuota")] pub query_service_memory_quota: Option, - /// SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// SearchServiceMemQuota is the amount of memory that should be allocated to the search service. + /// This value is per-pod, and only applicable to pods belonging to server classes running + /// the search service. This field must be a quantity greater than or equal to 256Mi. This + /// field defaults to 256Mi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "searchServiceMemoryQuota")] pub search_service_memory_quota: Option, } -/// AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run. +/// AutoCompaction allows the configuration of auto-compaction, including on what +/// conditions disk space is reclaimed and when it is allowed to run. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterClusterAutoCompaction { /// DatabaseFragmentationThreshold defines triggers for when database compaction should start. #[serde(default, skip_serializing_if = "Option::is_none", rename = "databaseFragmentationThreshold")] pub database_fragmentation_threshold: Option, - /// ParallelCompaction controls whether database and view compactions can happen in parallel. + /// ParallelCompaction controls whether database and view compactions can happen + /// in parallel. #[serde(default, skip_serializing_if = "Option::is_none", rename = "parallelCompaction")] pub parallel_compaction: Option, /// TimeWindow allows restriction of when compaction can occur. #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeWindow")] pub time_window: Option, - /// TombstonePurgeInterval controls how long to wait before purging tombstones. This field must be in the range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration + /// TombstonePurgeInterval controls how long to wait before purging tombstones. + /// This field must be in the range 1h-1440h, defaulting to 72h. + /// More info: https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "tombstonePurgeInterval")] pub tombstone_purge_interval: Option, /// ViewFragmentationThreshold defines triggers for when view compaction should start. @@ -354,10 +613,13 @@ pub struct CouchbaseClusterClusterAutoCompaction { /// DatabaseFragmentationThreshold defines triggers for when database compaction should start. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterClusterAutoCompactionDatabaseFragmentationThreshold { - /// Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30. + /// Percent is the percentage of disk fragmentation after which to decompaction will be + /// triggered. This field must be in the range 2-100, defaulting to 30. #[serde(default, skip_serializing_if = "Option::is_none")] pub percent: Option, - /// Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// Size is the amount of disk framentation, that once exceeded, will trigger decompaction. + /// More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none")] pub size: Option, } @@ -365,7 +627,8 @@ pub struct CouchbaseClusterClusterAutoCompactionDatabaseFragmentationThreshold { /// TimeWindow allows restriction of when compaction can occur. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterClusterAutoCompactionTimeWindow { - /// AbortCompactionOutsideWindow stops compaction processes when the process moves outside the window. + /// AbortCompactionOutsideWindow stops compaction processes when the + /// process moves outside the window. #[serde(default, skip_serializing_if = "Option::is_none", rename = "abortCompactionOutsideWindow")] pub abort_compaction_outside_window: Option, /// End is a wallclock time, in the form HH:MM, when a compaction should stop. @@ -379,10 +642,13 @@ pub struct CouchbaseClusterClusterAutoCompactionTimeWindow { /// ViewFragmentationThreshold defines triggers for when view compaction should start. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterClusterAutoCompactionViewFragmentationThreshold { - /// Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30. + /// Percent is the percentage of disk fragmentation after which to decompaction will be + /// triggered. This field must be in the range 2-100, defaulting to 30. #[serde(default, skip_serializing_if = "Option::is_none")] pub percent: Option, - /// Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// Size is the amount of disk framentation, that once exceeded, will trigger decompaction. + /// More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none")] pub size: Option, } @@ -390,21 +656,51 @@ pub struct CouchbaseClusterClusterAutoCompactionViewFragmentationThreshold { /// Data allows the data service to be configured. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterClusterData { - /// AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. + /// AuxIOThreads allows the number of threads used by the data service, + /// per pod, to be altered. This indicates the number of threads that are + /// to be used in the AuxIO thread pool to run auxiliary I/O tasks. + /// This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. + /// and should only be increased where there are sufficient CPU resources + /// allocated for their use. If not specified, this defaults to the + /// default value set by Couchbase Server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "auxIOThreads")] pub aux_io_threads: Option, - /// NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. + /// MinReplicasCount allows the minimum number of replicas required for + /// buckets to be set. New buckets cannot be created with less than this minimum. + /// Defaults to 0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReplicasCount")] + pub min_replicas_count: Option, + /// NonIOThreads allows the number of threads used by the data service, + /// per pod, to be altered. This indicates the number of threads that are + /// to be used in the NonIO thread pool to run in memory tasks. + /// This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. + /// and should only be increased where there are sufficient CPU resources + /// allocated for their use. If not specified, this defaults to the + /// default value set by Couchbase Server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nonIOThreads")] pub non_io_threads: Option, - /// ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. + /// ReaderThreads allows the number of threads used by the data service, + /// per pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, + /// or 1 and 64 for CB versions 7.1.0+. + /// and should only be increased where there are sufficient CPU resources + /// allocated for their use. If not specified, this defaults to the + /// default value set by Couchbase Server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readerThreads")] pub reader_threads: Option, - /// WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. + /// WriterThreads allows the number of threads used by the data service, + /// per pod, to be altered. This setting is especially relevant when + /// using "durable writes", increasing this field will have a large + /// impact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, + /// // or 1 and 64 for CB versions 7.1.0+. + /// and should only be increased where there are sufficient CPU resources + /// allocated for their use. If not specified, this defaults to the + /// default value set by Couchbase Server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "writerThreads")] pub writer_threads: Option, } -/// ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings. +/// ClusterSettings define Couchbase cluster-wide settings such as memory allocation, +/// failover characteristics and index settings. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterClusterIndexStorageSetting { #[serde(rename = "memory_optimized")] @@ -416,28 +712,52 @@ pub enum CouchbaseClusterClusterIndexStorageSetting { /// Indexer allows the indexer to be configured. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterClusterIndexer { - /// LogLevel controls the verbosity of indexer logs. This field must be one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or "trace", defaulting to "info". + /// EnableShardAffinity when false Index Servers rebuild any index that + /// are newly assigned to them during a rebalance. When set to true, + /// Couchbase Server moves a reassigned index’s files between Index Servers. + /// This field is only supported on CB versions 7.6.0+. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableShardAffinity")] + pub enable_shard_affinity: Option, + /// LogLevel controls the verbosity of indexer logs. This field must be one of + /// "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or + /// "trace", defaulting to "info". #[serde(default, skip_serializing_if = "Option::is_none", rename = "logLevel")] pub log_level: Option, - /// MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1. + /// MaxRollbackPoints controls the number of checkpoints that can be rolled + /// back to. The default is 2, with a minimum of 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxRollbackPoints")] pub max_rollback_points: Option, - /// MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms. + /// MemorySnapshotInterval controls when memory indexes should be snapshotted. + /// This defaults to 200ms, and must be greater than or equal to 1ms. #[serde(default, skip_serializing_if = "Option::is_none", rename = "memorySnapshotInterval")] pub memory_snapshot_interval: Option, - /// NumberOfReplica specifies number of secondary index replicas to be created by the Index Service whenever CREATE INDEX is invoked, which ensures high availability and high performance. Note, if nodes and num_replica are both specified in the WITH clause, the specified number of nodes must be one greater than num_replica This defaults to 0, which means no index replicas to be created by default. Minimum must be 0. + /// NumberOfReplica specifies number of secondary index replicas to be created + /// by the Index Service whenever CREATE INDEX is invoked, which ensures + /// high availability and high performance. + /// Note, if nodes and num_replica are both specified in the WITH clause, + /// the specified number of nodes must be one greater than num_replica + /// This defaults to 0, which means no index replicas to be created by default. + /// Minimum must be 0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "numReplica")] pub num_replica: Option, - /// RedistributeIndexes when true, Couchbase Server redistributes indexes when rebalance occurs, in order to optimize performance. If false (the default), such redistribution does not occur. + /// RedistributeIndexes when true, Couchbase Server redistributes indexes + /// when rebalance occurs, in order to optimize performance. + /// If false (the default), such redistribution does not occur. #[serde(default, skip_serializing_if = "Option::is_none", rename = "redistributeIndexes")] pub redistribute_indexes: Option, - /// StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms. + /// StableSnapshotInterval controls when disk indexes should be snapshotted. + /// This defaults to 5s, and must be greater than or equal to 1ms. #[serde(default, skip_serializing_if = "Option::is_none", rename = "stableSnapshotInterval")] pub stable_snapshot_interval: Option, - /// StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". + /// StorageMode controls the underlying storage engine for indexes. Once set + /// it can only be modified if there are no nodes in the cluster running the + /// index service. The field must be one of "memory_optimized" or "plasma", + /// defaulting to "memory_optimized". #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] pub storage_mode: Option, - /// Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0. + /// Threads controls the number of processor threads to use for indexing. + /// A value of 0 means 1 per CPU. This attribute must be greater + /// than or equal to 0, defaulting to 0. #[serde(default, skip_serializing_if = "Option::is_none")] pub threads: Option, } @@ -480,15 +800,161 @@ pub struct CouchbaseClusterClusterQuery { /// BackfillEnabled allows the query service to backfill. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backfillEnabled")] pub backfill_enabled: Option, - /// TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires `backfillEnabled` to be set to true in order to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// CBOEnabled specifies whether the cost-based optimizer is enabled. + /// Defaults to true. + #[serde(rename = "cboEnabled")] + pub cbo_enabled: bool, + /// CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just + /// transactions that it has created, leaving transactions for the distributed cleanup process only + /// when it is forced to. + /// Defaults to true. + #[serde(rename = "cleanupClientAttemptsEnabled")] + pub cleanup_client_attempts_enabled: bool, + /// CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup + /// process, and cleans up expired transactions created by any client. + /// Defaults to true. + #[serde(rename = "cleanupLostAttemptsEnabled")] + pub cleanup_lost_attempts_enabled: bool, + /// CleanupWindow specifies how frequently the Query service checks its subset of active + /// transaction records for cleanup. + /// Defaults to 60s + #[serde(rename = "cleanupWindow")] + pub cleanup_window: String, + /// CompletedLimit sets the number of requests to be logged in the completed + /// requests catalog. As new completed requests are added, old ones are removed. + #[serde(rename = "completedLimit")] + pub completed_limit: i32, + /// CompletedMaxPlanSize limits the size of query execution plans that can be logged in the + /// completed requests catalog. Queries with plans larger than this are not logged. + /// This field is only supported on CB versions 7.6.0+. + /// Defaults to 262144, maximum value is 20840448, and minimum value is 0. + #[serde(rename = "completedMaxPlanSize")] + pub completed_max_plan_size: String, + /// CompletedTrackingAllRequests allows all requests to be tracked regardless of their + /// time. This field requires `completedTrackingEnabled` to be true. + #[serde(rename = "completedTrackingAllRequests")] + pub completed_tracking_all_requests: bool, + /// CompletedTrackingEnabled allows completed requests to be tracked in the requests + /// catalog. + #[serde(rename = "completedTrackingEnabled")] + pub completed_tracking_enabled: bool, + /// CompletedThreshold is a trigger for queries to be logged in the completed + /// requests catalog. All completed queries lasting longer than this threshold + /// are logged in the completed requests catalog. This field requires `completedTrackingEnabled` + /// to be set to true and `completedTrackingAllRequests` to be false to have any effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "completedTrackingThreshold")] + pub completed_tracking_threshold: Option, + /// LogLevel controls the verbosity of query logs. This field must be one of + /// "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logLevel")] + pub log_level: Option, + /// MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. + /// If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism + /// is restricted to the number of allowed cores. + /// Defaults to 1. + #[serde(rename = "maxParallelism")] + pub max_parallelism: i32, + /// MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. + /// This parameter enforces a ceiling on the memory used for the tracked documents required for processing + /// a request. It does not take into account any other memory that might be used to process a request, + /// such as the stack, the operators, or some intermediate values. + /// Defaults to 0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryQuota")] + pub memory_quota: Option, + /// NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked + /// value content memory across all active requests for every Query node in the cluster. + /// This field is only supported on CB versions 7.6.0+. + /// Defaults to 67. + #[serde(rename = "nodeQuotaValPercent")] + pub node_quota_val_percent: i32, + /// NumActiveTransactionRecords specifies the total number of active transaction records for + /// all Query nodes in the cluster. + /// Default to 1024 and has a minimum of 1. + #[serde(rename = "numActiveTransactionRecords")] + pub num_active_transaction_records: i32, + /// NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. + /// When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. + /// The number of CPUs can never be greater than the number of logical CPUs. + /// In Community Edition, the number of allowed CPUs cannot be greater than 4. + /// In Enterprise Edition, there is no limit to the number of allowed CPUs. + /// This field is only supported on CB versions 7.6.0+. + /// NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling + /// nodes that are running the query service. + /// Defaults to 0 + #[serde(rename = "numCpus")] + pub num_cpus: i32, + /// PipelineBatch controls the number of items execution operators can batch for + /// Fetch from the KV. Defaults to 16. + #[serde(rename = "pipelineBatch")] + pub pipeline_batch: i32, + /// PipelineCap controls the maximum number of items each execution + /// operator can buffer between various operators. Defaults to 512. + #[serde(rename = "pipelineCap")] + pub pipeline_cap: i32, + /// PreparedLimit is the maximum number of prepared statements in the cache. + /// When this cache reaches the limit, the least recently used prepared + /// statements will be discarded as new prepared statements are created. + #[serde(rename = "preparedLimit")] + pub prepared_limit: i32, + /// ScapCan sets the maximum buffered channel size between the indexer client + /// and the query service for index scans. + /// Defaults to 512. + #[serde(rename = "scanCap")] + pub scan_cap: i32, + /// TemporarySpace allows the temporary storage used by the query + /// service backfill, per-pod, to be modified. This field requires + /// `backfillEnabled` to be set to true in order to have any effect. + /// More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "temporarySpace")] pub temporary_space: Option, - /// TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires `backfillEnabled` to be set to true in order to have any effect. This field overrides `temporarySpace`. + /// TemporarySpaceUnlimited allows the temporary storage used by + /// the query service backfill, per-pod, to be unconstrained. This field + /// requires `backfillEnabled` to be set to true in order to have any effect. + /// This field overrides `temporarySpace`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "temporarySpaceUnlimited")] pub temporary_space_unlimited: Option, + /// Timeout is the maximum time to spend on the request before timing out. + /// If this field is not set then there will be no timeout. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, + /// TxTimeout is the maximum time to spend on a transaction before timing out. This setting + /// only applies to requests containing the BEGIN TRANSACTION statement, or to requests where + /// the tximplicit parameter is set. For all other requests, it is ignored. + /// Defaults to 0ms (no timeout). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "txTimeout")] + pub tx_timeout: Option, + /// UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets + /// are inaccessible. If set to true then read from replica is enabled for all queries, but can + /// be disabled at request level. If set to false read from replica is disabled for all queries + /// and cannot be overridden at request level. If this field is unset then it is enabled/disabled + /// at the request level. + /// This field is only supported on CB versions 7.6.0+. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useReplica")] + pub use_replica: Option, +} + +/// Query allows the query service to be configured. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CouchbaseClusterClusterQueryLogLevel { + #[serde(rename = "debug")] + Debug, + #[serde(rename = "trace")] + Trace, + #[serde(rename = "info")] + Info, + #[serde(rename = "warn")] + Warn, + #[serde(rename = "error")] + Error, + #[serde(rename = "severe")] + Severe, + #[serde(rename = "none")] + None, } -/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows the cluster to be customized. +/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows +/// the cluster to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterHibernationStrategy { Immediate, @@ -514,31 +980,49 @@ pub struct CouchbaseClusterLogging { /// Used to manage the audit configuration directly #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingAudit { - /// The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html + /// The list of event ids to disable for auditing purposes. + /// This is passed to the REST API with no verification by the operator. + /// Refer to the documentation for details: + /// https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "disabledEvents")] pub disabled_events: Option>, - /// The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user + /// The list of users to ignore for auditing purposes. + /// This is passed to the REST API with minimal validation it meets an acceptable regex pattern. + /// Refer to the documentation for full details on how to configure this: + /// https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user #[serde(default, skip_serializing_if = "Option::is_none", rename = "disabledUsers")] pub disabled_users: Option>, /// Enabled is a boolean that enables the audit capabilities. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, - /// Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html + /// Handle all optional garbage collection (GC) configuration for the audit functionality. + /// This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. + /// By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. + /// This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: + /// https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "garbageCollection")] pub garbage_collection: Option, - /// The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html + /// The interval to optionally rotate the audit log. + /// This is passed to the REST API, see here for details: + /// https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html #[serde(default, skip_serializing_if = "Option::is_none")] pub rotation: Option, } -/// Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html +/// Handle all optional garbage collection (GC) configuration for the audit functionality. +/// This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. +/// By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. +/// This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: +/// https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingAuditGarbageCollection { + /// DEPRECATED - by spec.logging.audit.nativePruning for Couchbase Server 7.2.4+ /// Provide the sidecar configuration required (if so desired) to automatically clean up audit logs. #[serde(default, skip_serializing_if = "Option::is_none")] pub sidecar: Option, } +/// DEPRECATED - by spec.logging.audit.nativePruning for Couchbase Server 7.2.4+ /// Provide the sidecar configuration required (if so desired) to automatically clean up audit logs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingAuditGarbageCollectionSidecar { @@ -548,35 +1032,71 @@ pub struct CouchbaseClusterLoggingAuditGarbageCollectionSidecar { /// Enable this sidecar by setting to true, defaults to being disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, - /// Image is the image to be used to run the audit sidecar helper. No validation is carried out as this can be any arbitrary repo and tag. + /// Image is the image to be used to run the audit sidecar helper. + /// No validation is carried out as this can be any arbitrary repo and tag. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, /// The interval at which to check for rotated log files to remove, defaults to 20 minutes. #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, - /// Resources is the resource requirements for the cleanup container. Will be populated by Kubernetes defaults if not specified. + /// Resources is the resource requirements for the cleanup container. + /// Will be populated by Kubernetes defaults if not specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, } -/// Resources is the resource requirements for the cleanup container. Will be populated by Kubernetes defaults if not specified. +/// Resources is the resource requirements for the cleanup container. +/// Will be populated by Kubernetes defaults if not specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingAuditGarbageCollectionSidecarResources { - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } -/// The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterLoggingAuditGarbageCollectionSidecarResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// The interval to optionally rotate the audit log. +/// This is passed to the REST API, see here for details: +/// https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingAuditRotation { /// The interval at which to rotate log files, defaults to 15 minutes. #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, - /// Size allows the specification of a rotation size for the log, defaults to 20Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// How long Couchbase Server keeps rotated audit logs. + /// If set to 0 (the default) then audit logs won't be pruned. + /// Has a maximum of 35791394 seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pruneAge")] + pub prune_age: Option, + /// Size allows the specification of a rotation size for the log, defaults to 20Mi. + /// More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none")] pub size: Option, } @@ -584,13 +1104,22 @@ pub struct CouchbaseClusterLoggingAuditRotation { /// Specification of all logging configuration required to manage the sidecar containers in each pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingServer { - /// ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway. + /// ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. + /// A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. + /// If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. + /// Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, + /// otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is + /// removed. If running clusters in separate namespaces then they will be separate Secrets anyway. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configurationName")] pub configuration_name: Option, /// Enabled is a boolean that enables the logging sidecar container. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, - /// A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it's ownership stays the same so it will be cleaned up when it's owner is. + /// A boolean which indicates whether the operator should manage the configuration or not. + /// If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. + /// To use a custom configuration make sure to set this to false. + /// Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by + /// the operator but it's ownership stays the same so it will be cleaned up when it's owner is. #[serde(default, skip_serializing_if = "Option::is_none", rename = "manageConfiguration")] pub manage_configuration: Option, /// Any specific logging sidecar container configuration. @@ -601,139 +1130,273 @@ pub struct CouchbaseClusterLoggingServer { /// Any specific logging sidecar container configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingServerSidecar { - /// ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. If another log shipping image is used that needs a different mount then modify this. Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, there is no provision for overriding the name of the config file passed as the COUCHBASE_LOGS_CONFIG_FILE environment variable. + /// ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. + /// If another log shipping image is used that needs a different mount then modify this. + /// Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, + /// there is no provision for overriding the name of the config file passed as the + /// COUCHBASE_LOGS_CONFIG_FILE environment variable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configurationMountPath")] pub configuration_mount_path: Option, - /// Image is the image to be used to deal with logging as a sidecar. No validation is carried out as this can be any arbitrary repo and tag. It will default to the latest supported version of Fluent Bit. + /// Image is the image to be used to deal with logging as a sidecar. + /// No validation is carried out as this can be any arbitrary repo and tag. + /// It will default to the latest supported version of Fluent Bit. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// Resources is the resource requirements for the sidecar container. Will be populated by Kubernetes defaults if not specified. + /// Resources is the resource requirements for the sidecar container. + /// Will be populated by Kubernetes defaults if not specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, } -/// Resources is the resource requirements for the sidecar container. Will be populated by Kubernetes defaults if not specified. +/// Resources is the resource requirements for the sidecar container. +/// Will be populated by Kubernetes defaults if not specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterLoggingServerSidecarResources { - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } -/// Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterLoggingServerSidecarResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ +/// Monitoring defines any Operator managed integration into 3rd party monitoring +/// infrastructure. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterMonitoring { + /// DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ /// Prometheus provides integration with Prometheus monitoring. #[serde(default, skip_serializing_if = "Option::is_none")] pub prometheus: Option, } +/// DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ /// Prometheus provides integration with Prometheus monitoring. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterMonitoringPrometheus { - /// AuthorizationSecret is the name of a Kubernetes secret that contains a bearer token to authorize GET requests to the metrics endpoint + /// AuthorizationSecret is the name of a Kubernetes secret that contains a + /// bearer token to authorize GET requests to the metrics endpoint #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationSecret")] pub authorization_secret: Option, - /// Enabled is a boolean that enables/disables the metrics sidecar container. This must be set to true, when image is provided. + /// Enabled is a boolean that enables/disables the metrics sidecar container. + /// This must be set to true, when image is provided. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, - /// Image is the metrics image to be used to collect metrics. No validation is carried out as this can be any arbitrary repo and tag. enabled must be set to true, when image is provided. + /// Image is the metrics image to be used to collect metrics. + /// No validation is carried out as this can be any arbitrary repo and tag. + /// enabled must be set to true, when image is provided. pub image: String, - /// RefreshRate is the frequency in which cached statistics are updated in seconds. Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+ Default is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second. + /// RefreshRate is the frequency in which cached statistics are updated in seconds. + /// Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+ + /// Default is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshRate")] pub refresh_rate: Option, - /// Resources is the resource requirements for the metrics container. Will be populated by Kubernetes defaults if not specified. + /// Resources is the resource requirements for the metrics container. + /// Will be populated by Kubernetes defaults if not specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, } -/// Resources is the resource requirements for the metrics container. Will be populated by Kubernetes defaults if not specified. +/// Resources is the resource requirements for the metrics container. +/// Will be populated by Kubernetes defaults if not specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterMonitoringPrometheusResources { - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } -/// Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterMonitoringPrometheusResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Networking defines Couchbase cluster networking options such as network +/// topology, TLS and DDNS settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworking { - /// AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+. + /// AddressFamily allows the manual selection of the address family to use. + /// When this field is not set, Couchbase server will default to using IPv4 + /// for internal communication and also support IPv6 on dual stack systems. + /// Setting this field to either IPv4 or IPv6 will force Couchbase to use the + /// selected protocol for internal communication, and also disable all other + /// protocols to provide added security and simplicty when defining firewall + /// rules. Disabling of address families is only supported in Couchbase + /// Server 7.0.2+. #[serde(default, skip_serializing_if = "Option::is_none", rename = "addressFamily")] pub address_family: Option, - /// AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core + /// AdminConsoleServiceTemplate provides a template used by the Operator to create + /// and manage the admin console service. This allows services to be annotated, the + /// service type defined and any other options that Kubernetes provides. When using + /// a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator + /// reserves the right to modify or replace any field. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core #[serde(default, skip_serializing_if = "Option::is_none", rename = "adminConsoleServiceTemplate")] pub admin_console_service_template: Option, - /// DEPRECATED - by adminConsoleServiceTemplate. AdminConsoleServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". + /// DEPRECATED - by adminConsoleServiceTemplate. + /// AdminConsoleServiceType defines whether to create a node port or load balancer service. + /// When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. + /// This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". #[serde(default, skip_serializing_if = "Option::is_none", rename = "adminConsoleServiceType")] pub admin_console_service_type: Option, - /// DEPRECATED - not required by Couchbase Server. AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once. + /// DEPRECATED - not required by Couchbase Server. + /// AdminConsoleServices is a selector to choose specific services to expose via the admin + /// console. This field may contain any of "data", "index", "query", "search", "eventing" + /// and "analytics". Each service may only be included once. #[serde(default, skip_serializing_if = "Option::is_none", rename = "adminConsoleServices")] pub admin_console_services: Option>, - /// DEVELOPER PREVIEW - This feature is in developer preview. CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. + /// CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase + /// cluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudNativeGateway")] pub cloud_native_gateway: Option, - /// DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false. + /// DisableUIOverHTTP is used to explicitly enable and disable UI access over + /// the HTTP protocol. If not specified, this field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableUIOverHTTP")] pub disable_ui_over_http: Option, - /// DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false. + /// DisableUIOverHTTPS is used to explicitly enable and disable UI access over + /// the HTTPS protocol. If not specified, this field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableUIOverHTTPS")] pub disable_ui_over_https: Option, /// DNS defines information required for Dynamic DNS support. #[serde(default, skip_serializing_if = "Option::is_none")] pub dns: Option, - /// ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field. + /// ExposeAdminConsole creates a service referencing the admin console. + /// The service is configured by the adminConsoleServiceTemplate field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "exposeAdminConsole")] pub expose_admin_console: Option, - /// ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core + /// ExposedFeatureServiceTemplate provides a template used by the Operator to create + /// and manage per-pod services. This allows services to be annotated, the + /// service type defined and any other options that Kubernetes provides. When using + /// a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator + /// reserves the right to modify or replace any field. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core #[serde(default, skip_serializing_if = "Option::is_none", rename = "exposedFeatureServiceTemplate")] pub exposed_feature_service_template: Option, - /// DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". + /// DEPRECATED - by exposedFeatureServiceTemplate. + /// ExposedFeatureServiceType defines whether to create a node port or load balancer service. + /// When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. + /// This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". #[serde(default, skip_serializing_if = "Option::is_none", rename = "exposedFeatureServiceType")] pub exposed_feature_service_type: Option, - /// DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local", + /// DEPRECATED - by exposedFeatureServiceTemplate. + /// ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer + /// service to a Couchbase pod. When local, traffic is routed directly to the pod. When + /// cluster, traffic is routed to any node, then forwarded on. While cluster routing may be + /// slower, there are some situations where it is required for connectivity. This field + /// must be either "Cluster" or "Local", defaulting to "Local", #[serde(default, skip_serializing_if = "Option::is_none", rename = "exposedFeatureTrafficPolicy")] pub exposed_feature_traffic_policy: Option, - /// ExposedFeatures is a list of Couchbase features to expose when using a networking model that exposes the Couchbase cluster externally to Kubernetes. This field also triggers the creation of per-pod services used by clients to connect to the Couchbase cluster. When admin, only the administrator port is exposed, allowing remote administration. When xdcr, only the services required for remote replication are exposed. The xdcr feature is only required when the cluster is the destination of an XDCR replication. When client, all services are exposed as required for client SDK operation. This field may contain any of "admin", "xdcr" and "client". Each feature may only be included once. + /// ExposedFeatures is a list of Couchbase features to expose when using a networking + /// model that exposes the Couchbase cluster externally to Kubernetes. This field also + /// triggers the creation of per-pod services used by clients to connect to the Couchbase + /// cluster. When admin, only the administrator port is exposed, allowing remote + /// administration. When xdcr, only the services required for remote replication are exposed. + /// The xdcr feature is only required when the cluster is the destination of an XDCR + /// replication. When client, all services are exposed as required for client SDK operation. + /// This field may contain any of "admin", "xdcr" and "client". Each feature may only be + /// included once. #[serde(default, skip_serializing_if = "Option::is_none", rename = "exposedFeatures")] pub exposed_features: Option>, - /// DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. LoadBalancerSourceRanges applies only when an exposed service is of type LoadBalancer and limits the source IP ranges that are allowed to use the service. Items must use IPv4 class-less interdomain routing (CIDR) notation e.g. 10.0.0.0/16. + /// DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + /// LoadBalancerSourceRanges applies only when an exposed service is of type + /// LoadBalancer and limits the source IP ranges that are allowed to use the + /// service. Items must use IPv4 class-less interdomain routing (CIDR) notation + /// e.g. 10.0.0.0/16. #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] pub load_balancer_source_ranges: Option>, - /// NetworkPlatform is used to enable support for various networking technologies. This field must be one of "Istio". + /// NetworkPlatform is used to enable support for various networking + /// technologies. This field must be one of "Istio". #[serde(default, skip_serializing_if = "Option::is_none", rename = "networkPlatform")] pub network_platform: Option, - /// DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation. + /// DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + /// ServiceAnnotations allows services to be annotated with custom labels. + /// Operator annotations are merged on top of these so have precedence as + /// they are required for correct operation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAnnotations")] pub service_annotations: Option>, - /// TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies. + /// TLS defines the TLS configuration for the cluster including + /// server and client certificate configuration, and TLS security policies. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, - /// WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial `waitForAddressReachableDelay` to allow propagation. + /// WaitForAddressReachable is used to set the timeout between when polling of + /// external addresses is started, and when it is deemed a failure. Polling of + /// DNS name availability inherently dangerous due to negative caching, so prefer + /// the use of an initial `waitForAddressReachableDelay` to allow propagation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "waitForAddressReachable")] pub wait_for_address_reachable: Option, - /// WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses. + /// WaitForAddressReachableDelay is used to defer operator checks that + /// ensure external addresses are reachable before new nodes are balanced + /// in to the cluster. This prevents negative DNS caching while waiting + /// for external-DDNS controllers to propagate addresses. #[serde(default, skip_serializing_if = "Option::is_none", rename = "waitForAddressReachableDelay")] pub wait_for_address_reachable_delay: Option, } -/// Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. +/// Networking defines Couchbase cluster networking options such as network +/// topology, TLS and DDNS settings. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingAddressFamily { IPv4, IPv6, } -/// AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core +/// AdminConsoleServiceTemplate provides a template used by the Operator to create +/// and manage the admin console service. This allows services to be annotated, the +/// service type defined and any other options that Kubernetes provides. When using +/// a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator +/// reserves the right to modify or replace any field. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingAdminConsoleServiceTemplate { - /// Standard objects metadata. This is a curated version for use with Couchbase resource templates. + /// Standard objects metadata. This is a curated version for use with Couchbase + /// resource templates. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, /// ServiceSpec describes the attributes that a user creates on a service. @@ -741,13 +1404,19 @@ pub struct CouchbaseClusterNetworkingAdminConsoleServiceTemplate { pub spec: Option, } -/// Standard objects metadata. This is a curated version for use with Couchbase resource templates. +/// Standard objects metadata. This is a curated version for use with Couchbase +/// resource templates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingAdminConsoleServiceTemplateMetadata { - /// Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + /// Annotations is an unstructured key value map stored with a resource that + /// may be set by external tools to store and retrieve arbitrary metadata. They + /// are not queryable and should be preserved when modifying objects. More + /// info: http://kubernetes.io/docs/user-guide/annotations #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels + /// Map of string keys and values that can be used to organize and categorize + /// (scope and select) objects. May match selectors of replication controllers + /// and services. More info: http://kubernetes.io/docs/user-guide/labels #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } @@ -755,54 +1424,188 @@ pub struct CouchbaseClusterNetworkingAdminConsoleServiceTemplateMetadata { /// ServiceSpec describes the attributes that a user creates on a service. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingAdminConsoleServiceTemplateSpec { - /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. + /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically + /// allocated for services with type LoadBalancer. Default is "true". It + /// may be set to "false" if the cluster load-balancer does not rely on + /// NodePorts. If the caller requests specific NodePorts (by specifying a + /// value), those requests will be respected, regardless of this field. + /// This field may only be set for services with type LoadBalancer and will + /// be cleared if the type is changed to any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocateLoadBalancerNodePorts")] pub allocate_load_balancer_node_ports: Option, - /// clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + /// clusterIP is the IP address of the service and is usually assigned + /// randomly. If an address is specified manually, is in-range (as per + /// system configuration), and is not in use, it will be allocated to the + /// service; otherwise creation of the service will fail. This field may not + /// be changed through updates unless the type field is also being changed + /// to ExternalName (which requires this field to be blank) or the type + /// field is being changed from ExternalName (in which case this field may + /// optionally be specified, as describe above). Valid values are "None", + /// empty string (""), or a valid IP address. Setting this to "None" makes a + /// "headless service" (no virtual IP), which is useful when direct endpoint + /// connections are preferred and proxying is not required. Only applies to + /// types ClusterIP, NodePort, and LoadBalancer. If this field is specified + /// when creating a Service of type ExternalName, creation will fail. This + /// field will be wiped when updating a Service to type ExternalName. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIP")] pub cluster_ip: Option, - /// ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - /// This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + /// ClusterIPs is a list of IP addresses assigned to this service, and are + /// usually assigned randomly. If an address is specified manually, is + /// in-range (as per system configuration), and is not in use, it will be + /// allocated to the service; otherwise creation of the service will fail. + /// This field may not be changed through updates unless the type field is + /// also being changed to ExternalName (which requires this field to be + /// empty) or the type field is being changed from ExternalName (in which + /// case this field may optionally be specified, as describe above). Valid + /// values are "None", empty string (""), or a valid IP address. Setting + /// this to "None" makes a "headless service" (no virtual IP), which is + /// useful when direct endpoint connections are preferred and proxying is + /// not required. Only applies to types ClusterIP, NodePort, and + /// LoadBalancer. If this field is specified when creating a Service of type + /// ExternalName, creation will fail. This field will be wiped when updating + /// a Service to type ExternalName. If this field is not specified, it will + /// be initialized from the clusterIP field. If this field is specified, + /// clients must ensure that clusterIPs[0] and clusterIP have the same + /// value. + /// + /// + /// This field may hold a maximum of two entries (dual-stack IPs, in either order). + /// These IPs must correspond to the values of the ipFamilies field. Both + /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIPs")] pub cluster_i_ps: Option>, - /// externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + /// externalIPs is a list of IP addresses for which nodes in the cluster + /// will also accept traffic for this service. These IPs are not managed by + /// Kubernetes. The user is responsible for ensuring that traffic arrives + /// at a node with this IP. A common example is external load-balancers + /// that are not part of the Kubernetes system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIPs")] pub external_i_ps: Option>, - /// externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + /// externalName is the external reference that discovery mechanisms will + /// return as an alias for this service (e.g. a DNS CNAME record). No + /// proxying will be involved. Must be a lowercase RFC-1123 hostname + /// (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalName")] pub external_name: Option, - /// externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. + /// externalTrafficPolicy describes how nodes distribute service traffic they + /// receive on one of the Service's "externally-facing" addresses (NodePorts, + /// ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + /// the service in a way that assumes that external load balancers will take care + /// of balancing the service traffic between nodes, and so each node will deliver + /// traffic only to the node-local endpoints of the service, without masquerading + /// the client source IP. (Traffic mistakenly sent to a node with no endpoints will + /// be dropped.) The default value, "Cluster", uses the standard behavior of + /// routing to all endpoints evenly (possibly modified by topology and other + /// features). Note that traffic sent to an External IP or LoadBalancer IP from + /// within the cluster will always get "Cluster" semantics, but clients sending to + /// a NodePort from within the cluster may need to take traffic policy into account + /// when picking a node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalTrafficPolicy")] pub external_traffic_policy: Option, - /// healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set. + /// healthCheckNodePort specifies the healthcheck nodePort for the service. + /// This only applies when type is set to LoadBalancer and + /// externalTrafficPolicy is set to Local. If a value is specified, is + /// in-range, and is not in use, it will be used. If not specified, a value + /// will be automatically allocated. External systems (e.g. load-balancers) + /// can use this port to determine if a given node holds endpoints for this + /// service or not. If this field is specified when creating a Service + /// which does not need it, creation will fail. This field will be wiped + /// when updating a Service to no longer need it (e.g. changing type). + /// This field cannot be updated once set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheckNodePort")] pub health_check_node_port: Option, - /// InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). + /// InternalTrafficPolicy describes how nodes distribute service traffic they + /// receive on the ClusterIP. If set to "Local", the proxy will assume that pods + /// only want to talk to endpoints of the service on the same node as the pod, + /// dropping the traffic if there are no local endpoints. The default value, + /// "Cluster", uses the standard behavior of routing to all endpoints evenly + /// (possibly modified by topology and other features). #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalTrafficPolicy")] pub internal_traffic_policy: Option, - /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. - /// This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + /// service. This field is usually assigned automatically based on cluster + /// configuration and the ipFamilyPolicy field. If this field is specified + /// manually, the requested family is available in the cluster, + /// and ipFamilyPolicy allows it, it will be used; otherwise creation of + /// the service will fail. This field is conditionally mutable: it allows + /// for adding or removing a secondary IP family, but it does not allow + /// changing the primary IP family of the Service. Valid values are "IPv4" + /// and "IPv6". This field only applies to Services of types ClusterIP, + /// NodePort, and LoadBalancer, and does apply to "headless" services. + /// This field will be wiped when updating a Service to type ExternalName. + /// + /// + /// This field may hold a maximum of two entries (dual-stack families, in + /// either order). These families must correspond to the values of the + /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are + /// governed by the ipFamilyPolicy field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilies")] pub ip_families: Option>, - /// IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + /// IPFamilyPolicy represents the dual-stack-ness requested or required by + /// this Service. If there is no value provided, then this field will be set + /// to SingleStack. Services can be "SingleStack" (a single IP family), + /// "PreferDualStack" (two IP families on dual-stack configured clusters or + /// a single IP family on single-stack clusters), or "RequireDualStack" + /// (two IP families on dual-stack configured clusters, otherwise fail). The + /// ipFamilies and clusterIPs fields depend on the value of this field. This + /// field will be wiped when updating a service to type ExternalName. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilyPolicy")] pub ip_family_policy: Option, - /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. + /// If specified, the value of this field must be a label-style identifier, with an optional prefix, + /// e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + /// This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + /// balancer implementation is used, today this is typically done through the cloud provider integration, + /// but should apply for any default implementation. If set, it is assumed that a load balancer + /// implementation is watching for Services with a matching class. Any default load balancer + /// implementation (e.g. cloud providers) should ignore Services that set this field. + /// This field can only be set when creating or updating a Service to type 'LoadBalancer'. + /// Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerClass")] pub load_balancer_class: Option, - /// Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version. + /// Only applies to Service Type: LoadBalancer. + /// This feature depends on whether the underlying cloud-provider supports specifying + /// the loadBalancerIP when a load balancer is created. + /// This field will be ignored if the cloud-provider does not support the feature. + /// Deprecated: This field was under-specified and its meaning varies across implementations. + /// Using it is non-portable and it may not support dual-stack. + /// Users are encouraged to use implementation-specific annotations when available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerIP")] pub load_balancer_ip: Option, - /// If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + /// If specified and supported by the platform, this will restrict traffic through the cloud-provider + /// load-balancer will be restricted to the specified client IPs. This field will be ignored if the + /// cloud-provider does not support the feature." + /// More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] pub load_balancer_source_ranges: Option>, - /// Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + /// Supports "ClientIP" and "None". Used to maintain session affinity. + /// Enable client IP based session affinity. + /// Must be ClientIP or None. + /// Defaults to None. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] pub session_affinity: Option, /// sessionAffinityConfig contains the configurations of session affinity. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinityConfig")] pub session_affinity_config: Option, - /// type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + /// type determines how the Service is exposed. Defaults to ClusterIP. Valid + /// options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + /// "ClusterIP" allocates a cluster-internal IP address for load-balancing + /// to endpoints. Endpoints are determined by the selector or if that is not + /// specified, by manual construction of an Endpoints object or + /// EndpointSlice objects. If clusterIP is "None", no virtual IP is + /// allocated and the endpoints are published as a set of endpoints rather + /// than a virtual IP. + /// "NodePort" builds on ClusterIP and allocates a port on every node which + /// routes to the same endpoints as the clusterIP. + /// "LoadBalancer" builds on NodePort and creates an external load-balancer + /// (if supported in the current cloud) which routes to the same endpoints + /// as the clusterIP. + /// "ExternalName" aliases this service to the specified externalName. + /// Several other fields do not apply to ExternalName services. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -818,32 +1621,90 @@ pub struct CouchbaseClusterNetworkingAdminConsoleServiceTemplateSpecSessionAffin /// clientIP contains the configurations of Client IP based session affinity. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingAdminConsoleServiceTemplateSpecSessionAffinityConfigClientIp { - /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. + /// The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + /// Default value is 10800(for 3 hours). #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } -/// Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. +/// Networking defines Couchbase cluster networking options such as network +/// topology, TLS and DDNS settings. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingAdminConsoleServiceType { NodePort, LoadBalancer, } -/// DEVELOPER PREVIEW - This feature is in developer preview. CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +/// CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase +/// cluster. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct CouchbaseClusterNetworkingCloudNativeGateway { - /// DEVELOPER PREVIEW - This feature is in developer preview. Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. TODO: provide a default kubebuilder default image tag as field is mandatory. + /// Image is the Cloud Native Gateway image to be used to run the sidecar container. + /// No validation is carried out as this can be any arbitrary repo and tag. + /// TODO: provide a default kubebuilder default image tag as field is mandatory. pub image: String, - /// DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. + /// DEVELOPER PREVIEW - This feature is in developer preview. + /// LogLevel controls the verbosity of cloud native logs. This field must be one of + /// "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting to "info". + #[serde(rename = "logLevel")] + pub log_level: CouchbaseClusterNetworkingCloudNativeGatewayLogLevel, + /// TerminationGracePeriodSeconds specifies the grace period for the container to + /// terminate. Defaults to 75 seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] + pub termination_grace_period_seconds: Option, + /// TLS defines the TLS configuration for the Cloud Native Gateway server including + /// server and client certificate configuration, and TLS security policies. + /// If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys + /// and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` + /// unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. + /// This action could be overidden at the outset or later, by using the below + /// TLS config or generating the secret of same name as + /// `couchbase-cloud-native-gateway-self-signed-secret-` with certificates + /// conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". + /// N.B. The secret is on per cluster basis so it's advised to use the unique cluster name else + /// would be ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, } -/// DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. +/// CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase +/// cluster. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CouchbaseClusterNetworkingCloudNativeGatewayLogLevel { + #[serde(rename = "fatal")] + Fatal, + #[serde(rename = "panic")] + Panic, + #[serde(rename = "dpanic")] + Dpanic, + #[serde(rename = "error")] + Error, + #[serde(rename = "warn")] + Warn, + #[serde(rename = "info")] + Info, + #[serde(rename = "debug")] + Debug, +} + +/// TLS defines the TLS configuration for the Cloud Native Gateway server including +/// server and client certificate configuration, and TLS security policies. +/// If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys +/// and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` +/// unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. +/// This action could be overidden at the outset or later, by using the below +/// TLS config or generating the secret of same name as +/// `couchbase-cloud-native-gateway-self-signed-secret-` with certificates +/// conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". +/// N.B. The secret is on per cluster basis so it's advised to use the unique cluster name else +/// would be ignored. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingCloudNativeGatewayTls { - /// DEVELOPER PREVIEW - This feature is in developer preview. ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains Cloud Native Gateway gRPC server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type. + /// ServerSecretName specifies the secret name, in the same namespace as the cluster, + /// that contains Cloud Native Gateway gRPC server TLS data. + /// The secret is expected to contain "tls.crt" and + /// "tls.key" as per the kubernetes.io/tls secret type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverSecretName")] pub server_secret_name: Option, } @@ -851,15 +1712,25 @@ pub struct CouchbaseClusterNetworkingCloudNativeGatewayTls { /// DNS defines information required for Dynamic DNS support. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingDns { - /// Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server. + /// Domain is the domain to create pods in. When populated the Operator + /// will annotate the admin console and per-pod services with the key + /// "external-dns.alpha.kubernetes.io/hostname". These annotations can + /// be used directly by a Kubernetes External-DNS controller to replicate + /// load balancer service IP addresses into a public DNS server. #[serde(default, skip_serializing_if = "Option::is_none")] pub domain: Option, } -/// ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core +/// ExposedFeatureServiceTemplate provides a template used by the Operator to create +/// and manage per-pod services. This allows services to be annotated, the +/// service type defined and any other options that Kubernetes provides. When using +/// a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator +/// reserves the right to modify or replace any field. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingExposedFeatureServiceTemplate { - /// Standard objects metadata. This is a curated version for use with Couchbase resource templates. + /// Standard objects metadata. This is a curated version for use with Couchbase + /// resource templates. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, /// ServiceSpec describes the attributes that a user creates on a service. @@ -867,13 +1738,19 @@ pub struct CouchbaseClusterNetworkingExposedFeatureServiceTemplate { pub spec: Option, } -/// Standard objects metadata. This is a curated version for use with Couchbase resource templates. +/// Standard objects metadata. This is a curated version for use with Couchbase +/// resource templates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingExposedFeatureServiceTemplateMetadata { - /// Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + /// Annotations is an unstructured key value map stored with a resource that + /// may be set by external tools to store and retrieve arbitrary metadata. They + /// are not queryable and should be preserved when modifying objects. More + /// info: http://kubernetes.io/docs/user-guide/annotations #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels + /// Map of string keys and values that can be used to organize and categorize + /// (scope and select) objects. May match selectors of replication controllers + /// and services. More info: http://kubernetes.io/docs/user-guide/labels #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } @@ -881,54 +1758,188 @@ pub struct CouchbaseClusterNetworkingExposedFeatureServiceTemplateMetadata { /// ServiceSpec describes the attributes that a user creates on a service. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingExposedFeatureServiceTemplateSpec { - /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. + /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically + /// allocated for services with type LoadBalancer. Default is "true". It + /// may be set to "false" if the cluster load-balancer does not rely on + /// NodePorts. If the caller requests specific NodePorts (by specifying a + /// value), those requests will be respected, regardless of this field. + /// This field may only be set for services with type LoadBalancer and will + /// be cleared if the type is changed to any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocateLoadBalancerNodePorts")] pub allocate_load_balancer_node_ports: Option, - /// clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + /// clusterIP is the IP address of the service and is usually assigned + /// randomly. If an address is specified manually, is in-range (as per + /// system configuration), and is not in use, it will be allocated to the + /// service; otherwise creation of the service will fail. This field may not + /// be changed through updates unless the type field is also being changed + /// to ExternalName (which requires this field to be blank) or the type + /// field is being changed from ExternalName (in which case this field may + /// optionally be specified, as describe above). Valid values are "None", + /// empty string (""), or a valid IP address. Setting this to "None" makes a + /// "headless service" (no virtual IP), which is useful when direct endpoint + /// connections are preferred and proxying is not required. Only applies to + /// types ClusterIP, NodePort, and LoadBalancer. If this field is specified + /// when creating a Service of type ExternalName, creation will fail. This + /// field will be wiped when updating a Service to type ExternalName. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIP")] pub cluster_ip: Option, - /// ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - /// This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + /// ClusterIPs is a list of IP addresses assigned to this service, and are + /// usually assigned randomly. If an address is specified manually, is + /// in-range (as per system configuration), and is not in use, it will be + /// allocated to the service; otherwise creation of the service will fail. + /// This field may not be changed through updates unless the type field is + /// also being changed to ExternalName (which requires this field to be + /// empty) or the type field is being changed from ExternalName (in which + /// case this field may optionally be specified, as describe above). Valid + /// values are "None", empty string (""), or a valid IP address. Setting + /// this to "None" makes a "headless service" (no virtual IP), which is + /// useful when direct endpoint connections are preferred and proxying is + /// not required. Only applies to types ClusterIP, NodePort, and + /// LoadBalancer. If this field is specified when creating a Service of type + /// ExternalName, creation will fail. This field will be wiped when updating + /// a Service to type ExternalName. If this field is not specified, it will + /// be initialized from the clusterIP field. If this field is specified, + /// clients must ensure that clusterIPs[0] and clusterIP have the same + /// value. + /// + /// + /// This field may hold a maximum of two entries (dual-stack IPs, in either order). + /// These IPs must correspond to the values of the ipFamilies field. Both + /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIPs")] pub cluster_i_ps: Option>, - /// externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + /// externalIPs is a list of IP addresses for which nodes in the cluster + /// will also accept traffic for this service. These IPs are not managed by + /// Kubernetes. The user is responsible for ensuring that traffic arrives + /// at a node with this IP. A common example is external load-balancers + /// that are not part of the Kubernetes system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIPs")] pub external_i_ps: Option>, - /// externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + /// externalName is the external reference that discovery mechanisms will + /// return as an alias for this service (e.g. a DNS CNAME record). No + /// proxying will be involved. Must be a lowercase RFC-1123 hostname + /// (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalName")] pub external_name: Option, - /// externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. + /// externalTrafficPolicy describes how nodes distribute service traffic they + /// receive on one of the Service's "externally-facing" addresses (NodePorts, + /// ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + /// the service in a way that assumes that external load balancers will take care + /// of balancing the service traffic between nodes, and so each node will deliver + /// traffic only to the node-local endpoints of the service, without masquerading + /// the client source IP. (Traffic mistakenly sent to a node with no endpoints will + /// be dropped.) The default value, "Cluster", uses the standard behavior of + /// routing to all endpoints evenly (possibly modified by topology and other + /// features). Note that traffic sent to an External IP or LoadBalancer IP from + /// within the cluster will always get "Cluster" semantics, but clients sending to + /// a NodePort from within the cluster may need to take traffic policy into account + /// when picking a node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalTrafficPolicy")] pub external_traffic_policy: Option, - /// healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set. + /// healthCheckNodePort specifies the healthcheck nodePort for the service. + /// This only applies when type is set to LoadBalancer and + /// externalTrafficPolicy is set to Local. If a value is specified, is + /// in-range, and is not in use, it will be used. If not specified, a value + /// will be automatically allocated. External systems (e.g. load-balancers) + /// can use this port to determine if a given node holds endpoints for this + /// service or not. If this field is specified when creating a Service + /// which does not need it, creation will fail. This field will be wiped + /// when updating a Service to no longer need it (e.g. changing type). + /// This field cannot be updated once set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheckNodePort")] pub health_check_node_port: Option, - /// InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). + /// InternalTrafficPolicy describes how nodes distribute service traffic they + /// receive on the ClusterIP. If set to "Local", the proxy will assume that pods + /// only want to talk to endpoints of the service on the same node as the pod, + /// dropping the traffic if there are no local endpoints. The default value, + /// "Cluster", uses the standard behavior of routing to all endpoints evenly + /// (possibly modified by topology and other features). #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalTrafficPolicy")] pub internal_traffic_policy: Option, - /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. - /// This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + /// service. This field is usually assigned automatically based on cluster + /// configuration and the ipFamilyPolicy field. If this field is specified + /// manually, the requested family is available in the cluster, + /// and ipFamilyPolicy allows it, it will be used; otherwise creation of + /// the service will fail. This field is conditionally mutable: it allows + /// for adding or removing a secondary IP family, but it does not allow + /// changing the primary IP family of the Service. Valid values are "IPv4" + /// and "IPv6". This field only applies to Services of types ClusterIP, + /// NodePort, and LoadBalancer, and does apply to "headless" services. + /// This field will be wiped when updating a Service to type ExternalName. + /// + /// + /// This field may hold a maximum of two entries (dual-stack families, in + /// either order). These families must correspond to the values of the + /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are + /// governed by the ipFamilyPolicy field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilies")] pub ip_families: Option>, - /// IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + /// IPFamilyPolicy represents the dual-stack-ness requested or required by + /// this Service. If there is no value provided, then this field will be set + /// to SingleStack. Services can be "SingleStack" (a single IP family), + /// "PreferDualStack" (two IP families on dual-stack configured clusters or + /// a single IP family on single-stack clusters), or "RequireDualStack" + /// (two IP families on dual-stack configured clusters, otherwise fail). The + /// ipFamilies and clusterIPs fields depend on the value of this field. This + /// field will be wiped when updating a service to type ExternalName. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilyPolicy")] pub ip_family_policy: Option, - /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. + /// If specified, the value of this field must be a label-style identifier, with an optional prefix, + /// e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + /// This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + /// balancer implementation is used, today this is typically done through the cloud provider integration, + /// but should apply for any default implementation. If set, it is assumed that a load balancer + /// implementation is watching for Services with a matching class. Any default load balancer + /// implementation (e.g. cloud providers) should ignore Services that set this field. + /// This field can only be set when creating or updating a Service to type 'LoadBalancer'. + /// Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerClass")] pub load_balancer_class: Option, - /// Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version. + /// Only applies to Service Type: LoadBalancer. + /// This feature depends on whether the underlying cloud-provider supports specifying + /// the loadBalancerIP when a load balancer is created. + /// This field will be ignored if the cloud-provider does not support the feature. + /// Deprecated: This field was under-specified and its meaning varies across implementations. + /// Using it is non-portable and it may not support dual-stack. + /// Users are encouraged to use implementation-specific annotations when available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerIP")] pub load_balancer_ip: Option, - /// If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + /// If specified and supported by the platform, this will restrict traffic through the cloud-provider + /// load-balancer will be restricted to the specified client IPs. This field will be ignored if the + /// cloud-provider does not support the feature." + /// More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] pub load_balancer_source_ranges: Option>, - /// Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + /// Supports "ClientIP" and "None". Used to maintain session affinity. + /// Enable client IP based session affinity. + /// Must be ClientIP or None. + /// Defaults to None. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] pub session_affinity: Option, /// sessionAffinityConfig contains the configurations of session affinity. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinityConfig")] pub session_affinity_config: Option, - /// type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + /// type determines how the Service is exposed. Defaults to ClusterIP. Valid + /// options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + /// "ClusterIP" allocates a cluster-internal IP address for load-balancing + /// to endpoints. Endpoints are determined by the selector or if that is not + /// specified, by manual construction of an Endpoints object or + /// EndpointSlice objects. If clusterIP is "None", no virtual IP is + /// allocated and the endpoints are published as a set of endpoints rather + /// than a virtual IP. + /// "NodePort" builds on ClusterIP and allocates a port on every node which + /// routes to the same endpoints as the clusterIP. + /// "LoadBalancer" builds on NodePort and creates an external load-balancer + /// (if supported in the current cloud) which routes to the same endpoints + /// as the clusterIP. + /// "ExternalName" aliases this service to the specified externalName. + /// Several other fields do not apply to ExternalName services. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -944,62 +1955,108 @@ pub struct CouchbaseClusterNetworkingExposedFeatureServiceTemplateSpecSessionAff /// clientIP contains the configurations of Client IP based session affinity. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingExposedFeatureServiceTemplateSpecSessionAffinityConfigClientIp { - /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. + /// The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + /// Default value is 10800(for 3 hours). #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, } -/// Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. +/// Networking defines Couchbase cluster networking options such as network +/// topology, TLS and DDNS settings. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingExposedFeatureServiceType { NodePort, LoadBalancer, } -/// Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. +/// Networking defines Couchbase cluster networking options such as network +/// topology, TLS and DDNS settings. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingExposedFeatureTrafficPolicy { Cluster, Local, } -/// Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. +/// Networking defines Couchbase cluster networking options such as network +/// topology, TLS and DDNS settings. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingNetworkPlatform { Istio, } -/// TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies. +/// TLS defines the TLS configuration for the cluster including +/// server and client certificate configuration, and TLS security policies. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingTls { - /// AllowPlainTextCertReload allows the reload of TLS certificates in plain text. This option should only be enabled as a means to recover connectivity with server in the event that any of the server certificates expire. When enabled the Operator only attempts plain text cert reloading when expired certificates are detected. + /// AllowPlainTextCertReload allows the reload of TLS certificates in plain text. + /// This option should only be enabled as a means to recover connectivity with + /// server in the event that any of the server certificates expire. When enabled + /// the Operator only attempts plain text cert reloading when expired certificates + /// are detected. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPlainTextCertReload")] pub allow_plain_text_cert_reload: Option, - /// CipherSuites specifies a list of cipher suites for Couchbase server to select from when negotiating TLS handshakes with a client. Suites are not validated by the Operator. Run "openssl ciphers -v" in a Couchbase server pod to interrogate supported values. + /// CipherSuites specifies a list of cipher suites for Couchbase server to select + /// from when negotiating TLS handshakes with a client. Suites are not validated + /// by the Operator. Run "openssl ciphers -v" in a Couchbase server pod to + /// interrogate supported values. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cipherSuites")] pub cipher_suites: Option>, - /// ClientCertificatePaths defines where to look in client certificates in order to extract the user name. + /// ClientCertificatePaths defines where to look in client certificates in order + /// to extract the user name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCertificatePaths")] pub client_certificate_paths: Option>, - /// ClientCertificatePolicy defines the client authentication policy to use. If set, the Operator expects TLS configuration to contain a valid certificate/key pair for the Administrator account. + /// ClientCertificatePolicy defines the client authentication policy to use. + /// If set, the Operator expects TLS configuration to contain a valid certificate/key pair + /// for the Administrator account. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCertificatePolicy")] pub client_certificate_policy: Option, - /// NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes within the same cluster. This may come at the expense of performance. When control plane only encryption is used, only cluster management traffic is encrypted between nodes. When all, all traffic is encrypted, including database documents. When strict mode is used, it is the same as all, but also disables all plaintext ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. Node to node encryption can only be used when TLS certificates are managed by the Operator. This field must be either "ControlPlaneOnly", "All", or "Strict". + /// NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes + /// within the same cluster. This may come at the expense of performance. When + /// control plane only encryption is used, only cluster management traffic is encrypted + /// between nodes. When all, all traffic is encrypted, including database documents. + /// When strict mode is used, it is the same as all, but also disables all plaintext + /// ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. + /// Node to node encryption can only be used when TLS certificates are managed by the + /// Operator. This field must be either "ControlPlaneOnly", "All", or "Strict". #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeToNodeEncryption")] pub node_to_node_encryption: Option, - /// PassphraseConfig configures the passphrase key to use with encrypted certificates. The passphrase may be registered with Couchbase Server using a local script or a rest endpoint. Private key encryption is only available on Couchbase Server versions 7.1 and greater. + /// PassphraseConfig configures the passphrase key to use with encrypted certificates. + /// The passphrase may be registered with Couchbase Server using a local script or a + /// rest endpoint. Private key encryption is only available on Couchbase Server + /// versions 7.1 and greater. #[serde(default, skip_serializing_if = "Option::is_none")] pub passphrase: Option, - /// RootCAs defines a set of secrets that reside in this namespace that contain additional CA certificates that should be installed in Couchbase. The CA certificates that are defined here are in addition to those defined for the cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and thus should not be duplicated. Each Secret referred to must be of well-known type "kubernetes.io/tls" and must contain one or more CA certificates under the key "tls.crt". Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, and not with legacy couchbaseclusters.spec.networking.tls.static configuration. + /// RootCAs defines a set of secrets that reside in this namespace that contain + /// additional CA certificates that should be installed in Couchbase. The CA + /// certificates that are defined here are in addition to those defined for the + /// cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and + /// thus should not be duplicated. Each Secret referred to must be of well-known type + /// "kubernetes.io/tls" and must contain one or more CA certificates under the key "tls.crt". + /// Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, + /// and not with legacy couchbaseclusters.spec.networking.tls.static configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootCAs")] pub root_c_as: Option>, - /// SecretSource enables the user to specify a secret conforming to the Kubernetes TLS secret specification that is used for the Couchbase server certificate, and optionally the Operator's client certificate, providing cert-manager compatibility without having to specify a separate root CA. A server CA certificate must be supplied by one of the provided methods. Certificates referred to must conform to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" type secrets cannot verify encrypted keys. + /// SecretSource enables the user to specify a secret conforming to the Kubernetes TLS + /// secret specification that is used for the Couchbase server certificate, and optionally + /// the Operator's client certificate, providing cert-manager compatibility without having + /// to specify a separate root CA. A server CA certificate must be supplied by one of the + /// provided methods. Certificates referred to must conform to the keys of well-known type + /// "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted + /// private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" + /// type secrets cannot verify encrypted keys. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretSource")] pub secret_source: Option, - /// DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. Static enables user to generate static x509 certificates and keys, put them into Kubernetes secrets, and specify them here. Static secrets are Couchbase specific, and follow no well-known standards. + /// DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. + /// Static enables user to generate static x509 certificates and keys, + /// put them into Kubernetes secrets, and specify them here. Static secrets + /// are Couchbase specific, and follow no well-known standards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "static")] pub r#static: Option, - /// TLSMinimumVersion specifies the minimum TLS version the Couchbase server can negotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward. + /// TLSMinimumVersion specifies the minimum TLS version the Couchbase server can + /// negotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, + /// defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward. + /// TLS1.0 and TLS1.1 are not valid for Couchbase Server 7.6.0 onward. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsMinimumVersion")] pub tls_minimum_version: Option, } @@ -1007,17 +2064,21 @@ pub struct CouchbaseClusterNetworkingTls { /// ClientCertificatePath defines how to extract a username from a client ceritficate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingTlsClientCertificatePaths { - /// Delimiter if specified allows a suffix to be stripped from the username, once extracted from the certificate path. + /// Delimiter if specified allows a suffix to be stripped from the username, once + /// extracted from the certificate path. #[serde(default, skip_serializing_if = "Option::is_none")] pub delimiter: Option, - /// Path defines where in the X.509 specification to extract the username from. This field must be either "subject.cn", "san.uri", "san.dnsname" or "san.email". + /// Path defines where in the X.509 specification to extract the username from. + /// This field must be either "subject.cn", "san.uri", "san.dnsname" or "san.email". pub path: String, - /// Prefix allows a prefix to be stripped from the username, once extracted from the certificate path. + /// Prefix allows a prefix to be stripped from the username, once extracted from the + /// certificate path. #[serde(default, skip_serializing_if = "Option::is_none")] pub prefix: Option, } -/// TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies. +/// TLS defines the TLS configuration for the cluster including +/// server and client certificate configuration, and TLS security policies. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingTlsClientCertificatePolicy { #[serde(rename = "enable")] @@ -1026,7 +2087,8 @@ pub enum CouchbaseClusterNetworkingTlsClientCertificatePolicy { Mandatory, } -/// TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies. +/// TLS defines the TLS configuration for the cluster including +/// server and client certificate configuration, and TLS security policies. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingTlsNodeToNodeEncryption { ControlPlaneOnly, @@ -1034,18 +2096,29 @@ pub enum CouchbaseClusterNetworkingTlsNodeToNodeEncryption { Strict, } -/// PassphraseConfig configures the passphrase key to use with encrypted certificates. The passphrase may be registered with Couchbase Server using a local script or a rest endpoint. Private key encryption is only available on Couchbase Server versions 7.1 and greater. +/// PassphraseConfig configures the passphrase key to use with encrypted certificates. +/// The passphrase may be registered with Couchbase Server using a local script or a +/// rest endpoint. Private key encryption is only available on Couchbase Server +/// versions 7.1 and greater. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingTlsPassphrase { - /// PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. When the private key is accessed, Couchbase Server attempts to extract the password by means of the specified endpoint. The response status must be 200 and the response text must be the exact passphrase excluding newlines and extraneous spaces. + /// PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. + /// When the private key is accessed, Couchbase Server attempts to extract the password by means of the + /// specified endpoint. The response status must be 200 and the response text must be the exact passphrase + /// excluding newlines and extraneous spaces. #[serde(default, skip_serializing_if = "Option::is_none")] pub rest: Option, - /// PassphraseScriptConfig is the configuration to register a private key passphrase with a script. The Operator auto-provisions the underlying script so this config simply provides a mechanism to perform the decryption of the Couchbase Private Key using a local script. + /// PassphraseScriptConfig is the configuration to register a private key passphrase with a script. + /// The Operator auto-provisions the underlying script so this config simply provides a mechanism + /// to perform the decryption of the Couchbase Private Key using a local script. #[serde(default, skip_serializing_if = "Option::is_none")] pub script: Option, } -/// PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. When the private key is accessed, Couchbase Server attempts to extract the password by means of the specified endpoint. The response status must be 200 and the response text must be the exact passphrase excluding newlines and extraneous spaces. +/// PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. +/// When the private key is accessed, Couchbase Server attempts to extract the password by means of the +/// specified endpoint. The response status must be 200 and the response text must be the exact passphrase +/// excluding newlines and extraneous spaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingTlsPassphraseRest { /// AddressFamily is the address family to use. By default inet (meaning IPV4) is used. @@ -1057,14 +2130,18 @@ pub struct CouchbaseClusterNetworkingTlsPassphraseRest { /// Timeout is the number of milliseconds that must elapse before the call is timed out. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, - /// URL is the endpoint to be called to retrieve the passphrase. URL will be called using the GET method and may use http/https protocol. + /// URL is the endpoint to be called to retrieve the passphrase. + /// URL will be called using the GET method and may use http/https protocol. pub url: String, /// VerifyPeer ensures peer verification is performed when Https is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyPeer")] pub verify_peer: Option, } -/// PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. When the private key is accessed, Couchbase Server attempts to extract the password by means of the specified endpoint. The response status must be 200 and the response text must be the exact passphrase excluding newlines and extraneous spaces. +/// PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. +/// When the private key is accessed, Couchbase Server attempts to extract the password by means of the +/// specified endpoint. The response status must be 200 and the response text must be the exact passphrase +/// excluding newlines and extraneous spaces. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingTlsPassphraseRestAddressFamily { #[serde(rename = "inet")] @@ -1073,36 +2150,67 @@ pub enum CouchbaseClusterNetworkingTlsPassphraseRestAddressFamily { Inet6, } -/// PassphraseScriptConfig is the configuration to register a private key passphrase with a script. The Operator auto-provisions the underlying script so this config simply provides a mechanism to perform the decryption of the Couchbase Private Key using a local script. +/// PassphraseScriptConfig is the configuration to register a private key passphrase with a script. +/// The Operator auto-provisions the underlying script so this config simply provides a mechanism +/// to perform the decryption of the Couchbase Private Key using a local script. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingTlsPassphraseScript { - /// Secret is the secret containing the passphrase string. The secret is expected to contain "passphrase" key with the passphrase string as a value. + /// Secret is the secret containing the passphrase string. The secret is expected + /// to contain "passphrase" key with the passphrase string as a value. pub secret: String, } -/// SecretSource enables the user to specify a secret conforming to the Kubernetes TLS secret specification that is used for the Couchbase server certificate, and optionally the Operator's client certificate, providing cert-manager compatibility without having to specify a separate root CA. A server CA certificate must be supplied by one of the provided methods. Certificates referred to must conform to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" type secrets cannot verify encrypted keys. +/// SecretSource enables the user to specify a secret conforming to the Kubernetes TLS +/// secret specification that is used for the Couchbase server certificate, and optionally +/// the Operator's client certificate, providing cert-manager compatibility without having +/// to specify a separate root CA. A server CA certificate must be supplied by one of the +/// provided methods. Certificates referred to must conform to the keys of well-known type +/// "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted +/// private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" +/// type secrets cannot verify encrypted keys. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingTlsSecretSource { - /// ClientSecretName specifies the secret name, in the same namespace as the cluster, the contains client TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the Kubernetes.io/tls secret type. + /// ClientSecretName specifies the secret name, in the same namespace as the cluster, + /// the contains client TLS data. The secret is expected to contain "tls.crt" and + /// "tls.key" as per the Kubernetes.io/tls secret type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientSecretName")] pub client_secret_name: Option, - /// ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type. It may also contain "ca.crt". Only a single PEM formated x509 certificate can be provided to "ca.crt". The single certificate may also bundle together multiple root CA certificates. Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater. + /// ServerSecretName specifies the secret name, in the same namespace as the cluster, + /// that contains server TLS data. The secret is expected to contain "tls.crt" and + /// "tls.key" as per the kubernetes.io/tls secret type. It may also contain "ca.crt". + /// Only a single PEM formated x509 certificate can be provided to "ca.crt". + /// The single certificate may also bundle together multiple root CA certificates. + /// Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater. #[serde(rename = "serverSecretName")] pub server_secret_name: String, } -/// DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. Static enables user to generate static x509 certificates and keys, put them into Kubernetes secrets, and specify them here. Static secrets are Couchbase specific, and follow no well-known standards. +/// DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. +/// Static enables user to generate static x509 certificates and keys, +/// put them into Kubernetes secrets, and specify them here. Static secrets +/// are Couchbase specific, and follow no well-known standards. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterNetworkingTlsStatic { - /// OperatorSecret is a secret name containing TLS certs used by operator to talk securely to this cluster. The secret must contain a CA certificate (data key ca.crt). If client authentication is enabled, then the secret must also contain a client certificate chain (data key "couchbase-operator.crt") and private key (data key "couchbase-operator.key"). + /// OperatorSecret is a secret name containing TLS certs used by operator to + /// talk securely to this cluster. The secret must contain a CA certificate (data key + /// ca.crt). If client authentication is enabled, then the secret must also contain + /// a client certificate chain (data key "couchbase-operator.crt") and private key + /// (data key "couchbase-operator.key"). #[serde(default, skip_serializing_if = "Option::is_none", rename = "operatorSecret")] pub operator_secret: Option, - /// ServerSecret is a secret name containing TLS certs used by each Couchbase member pod for the communication between Couchbase server and its clients. The secret must contain a certificate chain (data key "chain.pem") and a private key (data key "pkey.key"). The private key must be in the PKCS#1 RSA format. The certificate chain must have a required set of X.509v3 subject alternative names for all cluster addressing modes. See the Operator TLS documentation for more information. + /// ServerSecret is a secret name containing TLS certs used by each Couchbase member pod + /// for the communication between Couchbase server and its clients. The secret must + /// contain a certificate chain (data key "chain.pem") and a private + /// key (data key "pkey.key"). The private key must be in the PKCS#1 RSA + /// format. The certificate chain must have a required set of X.509v3 subject alternative + /// names for all cluster addressing modes. See the Operator TLS documentation for more + /// information. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverSecret")] pub server_secret: Option, } -/// TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies. +/// TLS defines the TLS configuration for the cluster including +/// server and client certificate configuration, and TLS security policies. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterNetworkingTlsTlsMinimumVersion { #[serde(rename = "TLS1.0")] @@ -1115,7 +2223,8 @@ pub enum CouchbaseClusterNetworkingTlsTlsMinimumVersion { Tls13, } -/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows the cluster to be customized. +/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows +/// the cluster to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterPlatform { #[serde(rename = "aws")] @@ -1126,96 +2235,163 @@ pub enum CouchbaseClusterPlatform { Azure, } -/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows the cluster to be customized. +/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows +/// the cluster to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterRecoveryPolicy { PrioritizeDataIntegrity, PrioritizeUptime, } -/// When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased. +/// When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod +/// at a time. If this field is specified then that number can be increased. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterRollingUpgrade { - /// MaxUpgradable allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be greater than zero. The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if both are defined. + /// MaxUpgradable allows the number of pods affected by an upgrade at any + /// one time to be increased. By default a rolling upgrade will + /// upgrade one pod at a time. This field allows that limit to be removed. + /// This field must be greater than zero. + /// The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if + /// both are defined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxUpgradable")] pub max_upgradable: Option, - /// MaxUpgradablePercent allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. Percentages are relative to the total cluster size, and rounded down to the nearest whole number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if both are defined. + /// MaxUpgradablePercent allows the number of pods affected by an upgrade at any + /// one time to be increased. By default a rolling upgrade will + /// upgrade one pod at a time. This field allows that limit to be removed. + /// This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. + /// Percentages are relative to the total cluster size, and rounded down to + /// the nearest whole number, with a minimum of 1. For example, a 10 pod + /// cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, + /// rounded down to 2. + /// The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if + /// both are defined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxUpgradablePercent")] pub max_upgradable_percent: Option, } -/// Security defines Couchbase cluster security options such as the administrator account username and password, and user RBAC settings. +/// Security defines Couchbase cluster security options such as the administrator +/// account username and password, and user RBAC settings. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurity { - /// AdminSecret is the name of a Kubernetes secret to use for administrator authentication. The admin secret must contain the keys "username" and "password". The password data must be at least 6 characters in length, and not contain the any of the characters `()<>,;:\"/[]?={}`. + /// AdminSecret is the name of a Kubernetes secret to use for administrator authentication. + /// The admin secret must contain the keys "username" and "password". The password data + /// must be at least 6 characters in length, and not contain the any of the characters + /// `()<>,;:\"/[]?={}`. #[serde(rename = "adminSecret")] pub admin_secret: String, - /// LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. When specified, the Operator keeps these settings in sync with Cocuhbase Server's LDAP configuration. Leave empty to manually manage LDAP configuration. + /// LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. + /// When specified, the Operator keeps these settings in sync with Cocuhbase Server's + /// LDAP configuration. Leave empty to manually manage LDAP configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub ldap: Option, - /// PodSecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + /// PodSecurityContext allows the configuration of the security context for all + /// Couchbase server pods. When using persistent volumes you may need to set + /// the fsGroup field in order to write to the volume. For non-root clusters + /// you must also set runAsUser to 1000, corresponding to the Couchbase user + /// in official container images. More info: + /// https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurityContext")] pub pod_security_context: Option, /// RBAC is the options provided for enabling and selecting RBAC User resources to manage. #[serde(default, skip_serializing_if = "Option::is_none")] pub rbac: Option, - /// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + /// SecurityContext defines the security options the container should be run with. + /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + /// Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. + /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, - /// UISessionTimeout sets how long, in minutes, before a user is declared inactive and signed out from the Couchbase Server UI. 0 represents no time out. + /// UISessionTimeout sets how long, in minutes, before a user is declared inactive + /// and signed out from the Couchbase Server UI. + /// 0 represents no time out. #[serde(default, skip_serializing_if = "Option::is_none", rename = "uiSessionTimeout")] pub ui_session_timeout: Option, } -/// LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. When specified, the Operator keeps these settings in sync with Cocuhbase Server's LDAP configuration. Leave empty to manually manage LDAP configuration. +/// LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. +/// When specified, the Operator keeps these settings in sync with Cocuhbase Server's +/// LDAP configuration. Leave empty to manually manage LDAP configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityLdap { - /// AuthenticationEnabled allows users who attempt to access Couchbase Server without having been added as local users to be authenticated against the specified LDAP Host(s). + /// AuthenticationEnabled allows users who attempt to access Couchbase Server without having been + /// added as local users to be authenticated against the specified LDAP Host(s). #[serde(default, skip_serializing_if = "Option::is_none", rename = "authenticationEnabled")] pub authentication_enabled: Option, - /// AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to any Couchbase Server group associated with the user. + /// AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to + /// any Couchbase Server group associated with the user. #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationEnabled")] pub authorization_enabled: Option, - /// DN to use for searching users and groups synchronization. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + /// DN to use for searching users and groups synchronization. More info: + /// https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "bindDN")] pub bind_dn: Option, - /// BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. The bindSecret must have a key with the name "password" and a value which corresponds to the password of the binding LDAP user. + /// BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. + /// The bindSecret must have a key with the name "password" and a value which corresponds to the + /// password of the binding LDAP user. #[serde(rename = "bindSecret")] pub bind_secret: String, - /// DEPRECATED - Field is ignored, use tlsSecret. CA Certificate in PEM format to be used in LDAP server certificate validation. This cert is the string form of the secret provided to `spec.tls.tlsSecret`. + /// DEPRECATED - Field is ignored, use tlsSecret. + /// CA Certificate in PEM format to be used in LDAP server certificate validation. + /// This cert is the string form of the secret provided to `spec.tls.tlsSecret`. #[serde(default, skip_serializing_if = "Option::is_none")] pub cacert: Option, - /// Lifetime of values in cache in milliseconds. Default 300000 ms. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + /// Lifetime of values in cache in milliseconds. Default 300000 ms. More info: + /// https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "cacheValueLifetime")] pub cache_value_lifetime: Option, - /// Encryption determines how the connection with the LDAP server should be encrypted. Encryption may set as either StartTLSExtension, TLS, or false. When set to "false" then no verification of the LDAP hostname is performed. When Encryption is StartTLSExtension, or TLS is set then the default behavior is to use the certificate already loaded into the Couchbase Cluster for certificate validation, otherwise `ldap.tlsSecret` may be set to override The Couchbase certificate. + /// Encryption determines how the connection with the LDAP server should be encrypted. + /// Encryption may set as either StartTLSExtension, TLS, or false. + /// When set to "false" then no verification of the LDAP hostname is performed. + /// When Encryption is StartTLSExtension, or TLS is set then the default behavior is to + /// use the certificate already loaded into the Couchbase Cluster for certificate validation, + /// otherwise `ldap.tlsSecret` may be set to override The Couchbase certificate. #[serde(default, skip_serializing_if = "Option::is_none")] pub encryption: Option, - /// LDAP query, to get the users' groups by username in RFC4516 format. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + /// LDAP query, to get the users' groups by username in RFC4516 format. More info: + /// https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "groupsQuery")] pub groups_query: Option, - /// List of LDAP hosts to provide authentication-support for Couchbase Server. Host name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147. + /// List of LDAP hosts to provide authentication-support for Couchbase Server. + /// Host name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147. pub hosts: Vec, - /// If enabled Couchbase server will try to recursively search for groups for every discovered ldap group. groups_query will be user for the search. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + /// Sets middlebox compatibility mode for LDAP. This option is only available on + /// Couchbase Server 7.6.0+. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "middleboxCompMode")] + pub middlebox_comp_mode: Option, + /// If enabled Couchbase server will try to recursively search for groups + /// for every discovered ldap group. groups_query will be user for the search. + /// More info: + /// https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "nestedGroupsEnabled")] pub nested_groups_enabled: Option, - /// Maximum number of recursive groups requests the server is allowed to perform. Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + /// Maximum number of recursive groups requests the server is allowed to perform. + /// Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. + /// More info: + /// https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "nestedGroupsMaxDepth")] pub nested_groups_max_depth: Option, - /// LDAP port. This is typically 389 for LDAP, and 636 for LDAPS. + /// LDAP port. + /// This is typically 389 for LDAP, and 636 for LDAPS. pub port: i64, /// Whether server certificate validation be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverCertValidation")] pub server_cert_validation: Option, - /// TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert. If TLSSecret is not provided, certificates found in `couchbaseclusters.spec.networking.tls.rootCAs` will be used instead. If provided, the secret must contain the ca to be used under the name "ca.crt". + /// TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert. + /// If TLSSecret is not provided, certificates found in `couchbaseclusters.spec.networking.tls.rootCAs` + /// will be used instead. + /// If provided, the secret must contain the ca to be used under the name "ca.crt". #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsSecret")] pub tls_secret: Option, - /// User to distinguished name (DN) mapping. If none is specified, the username is used as the user’s distinguished name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + /// User to distinguished name (DN) mapping. If none is specified, + /// the username is used as the user’s distinguished name. More info: + /// https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "userDNMapping")] pub user_dn_mapping: Option, } -/// LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. When specified, the Operator keeps these settings in sync with Cocuhbase Server's LDAP configuration. Leave empty to manually manage LDAP configuration. +/// LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. +/// When specified, the Operator keeps these settings in sync with Cocuhbase Server's +/// LDAP configuration. Leave empty to manually manage LDAP configuration. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterSecurityLdapEncryption { None, @@ -1225,55 +2401,116 @@ pub enum CouchbaseClusterSecurityLdapEncryption { Tls, } -/// User to distinguished name (DN) mapping. If none is specified, the username is used as the user’s distinguished name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html +/// User to distinguished name (DN) mapping. If none is specified, +/// the username is used as the user’s distinguished name. More info: +/// https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityLdapUserDnMapping { /// Query is the LDAP query to run to map from Couchbase user to LDAP distinguished name. #[serde(default, skip_serializing_if = "Option::is_none")] pub query: Option, - /// This field specifies list of templates to use for providing username to DN mapping. The template may contain a placeholder specified as `%u` to represent the Couchbase user who is attempting to gain access. + /// This field specifies list of templates to use for providing username to DN mapping. + /// The template may contain a placeholder specified as `%u` to represent the Couchbase + /// user who is attempting to gain access. #[serde(default, skip_serializing_if = "Option::is_none")] pub template: Option, } -/// PodSecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +/// PodSecurityContext allows the configuration of the security context for all +/// Couchbase server pods. When using persistent volumes you may need to set +/// the fsGroup field in order to write to the volume. For non-root clusters +/// you must also set runAsUser to 1000, corresponding to the Couchbase user +/// in official container images. More info: +/// https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityPodSecurityContext { - /// A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - /// 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - /// If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// 3. The permission bits are OR'd with rw-rw---- + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, - /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] pub fs_group_change_policy: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, - /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, - /// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityPodSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1290,14 +2527,23 @@ pub struct CouchbaseClusterSecurityPodSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityPodSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } @@ -1311,19 +2557,30 @@ pub struct CouchbaseClusterSecurityPodSecurityContextSysctls { pub value: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityPodSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } @@ -1334,73 +2591,127 @@ pub struct CouchbaseClusterSecurityRbac { /// Managed defines whether RBAC is managed by us or the clients. #[serde(default, skip_serializing_if = "Option::is_none")] pub managed: Option, - /// Selector is a label selector used to list RBAC resources in the namespace that are managed by the Operator. + /// Selector is a label selector used to list RBAC resources in the namespace + /// that are managed by the Operator. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } -/// Selector is a label selector used to list RBAC resources in the namespace that are managed by the Operator. +/// Selector is a label selector used to list RBAC resources in the namespace +/// that are managed by the Operator. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityRbacSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityRbacSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +/// SecurityContext defines the security options the container should be run with. +/// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +/// Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. +/// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecuritySecurityContext { - /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. + /// AllowPrivilegeEscalation controls whether a process can gain more + /// privileges than its parent process. This bool directly controls if + /// the no_new_privs flag will be set on the container process. + /// AllowPrivilegeEscalation is true always when the container is: + /// 1) run as Privileged + /// 2) has CAP_SYS_ADMIN + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, - /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + /// The capabilities to add/drop when running containers. + /// Defaults to the default set of capabilities granted by the container runtime. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, - /// Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. + /// Run container in privileged mode. + /// Processes in privileged containers are essentially equivalent to root on the host. + /// Defaults to false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, - /// procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. + /// procMount denotes the type of proc mount to use for the containers. + /// The default is DefaultProcMount which uses the container runtime defaults for + /// readonly paths and masked paths. + /// This requires the ProcMountType feature flag to be enabled. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")] pub proc_mount: Option, - /// Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + /// Whether this container has a read-only root filesystem. + /// Default is false. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyRootFilesystem")] pub read_only_root_filesystem: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to the container. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by this container. If seccomp options are + /// provided at both the pod & container level, the container options + /// override the pod options. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options from the PodSecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +/// The capabilities to add/drop when running containers. +/// Defaults to the default set of capabilities granted by the container runtime. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecuritySecurityContextCapabilities { /// Added capabilities @@ -1411,7 +2722,11 @@ pub struct CouchbaseClusterSecuritySecurityContextCapabilities { pub drop: Option>, } -/// The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to the container. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in PodSecurityContext. If set in both SecurityContext and +/// PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecuritySecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1428,73 +2743,153 @@ pub struct CouchbaseClusterSecuritySecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by this container. If seccomp options are +/// provided at both the pod & container level, the container options +/// override the pod options. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecuritySecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options from the PodSecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecuritySecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } -/// DEPRECATED - by spec.security.securityContext SecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +/// DEPRECATED - by spec.security.securityContext +/// SecurityContext allows the configuration of the security context for all +/// Couchbase server pods. When using persistent volumes you may need to set +/// the fsGroup field in order to write to the volume. For non-root clusters +/// you must also set runAsUser to 1000, corresponding to the Couchbase user +/// in official container images. More info: +/// https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityContext { - /// A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - /// 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - /// If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// 3. The permission bits are OR'd with rw-rw---- + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, - /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] pub fs_group_change_policy: Option, - /// The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] pub run_as_group: Option, - /// Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] pub run_as_non_root: Option, - /// The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] pub run_as_user: Option, - /// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] pub se_linux_options: Option, - /// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, - /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, - /// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] pub windows_options: Option, } -/// The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityContextSeLinuxOptions { /// Level is SELinux level label that applies to the container. @@ -1511,14 +2906,23 @@ pub struct CouchbaseClusterSecurityContextSeLinuxOptions { pub user: Option, } -/// The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, - /// type indicates which kind of seccomp profile will be applied. Valid options are: - /// Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. #[serde(rename = "type")] pub r#type: String, } @@ -1532,26 +2936,40 @@ pub struct CouchbaseClusterSecurityContextSysctls { pub value: String, } -/// The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterSecurityContextWindowsOptions { - /// GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] pub gmsa_credential_spec: Option, /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, - /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] pub run_as_user_name: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServers { - /// AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. When true, the Operator will create a CouchbaseAutoscaler resource for this server class. The CouchbaseAutoscaler implements the Kubernetes scale API and can be controlled by the Kubernetes horizontal pod autoscaler (HPA). + /// AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. + /// When true, the Operator will create a CouchbaseAutoscaler resource for this + /// server class. The CouchbaseAutoscaler implements the Kubernetes scale API and + /// can be controlled by the Kubernetes horizontal pod autoscaler (HPA). #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoscaleEnabled")] pub autoscale_enabled: Option, /// Env allows the setting of environment variables in the Couchbase server container. @@ -1560,20 +2978,49 @@ pub struct CouchbaseClusterServers { /// EnvFrom allows the setting of environment variables in the Couchbase server container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] pub env_from: Option>, - /// Name is a textual name for the server configuration and must be unique. The name is used by the operator to uniquely identify a server class, and map pods back to an intended configuration. + /// Image is the container image name that will be used to launch Couchbase + /// server instances in this server class. You cannot downgrade the Couchbase + /// version. Across spec.image and all server classes there can only be two + /// different Couchbase images. Updating this field to a value different than + /// spec.image will cause an automatic upgrade of the server class. If it isn't + /// specified then the cluster image will be used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + /// Name is a textual name for the server configuration and must be unique. + /// The name is used by the operator to uniquely identify a server class, + /// and map pods back to an intended configuration. pub name: String, - /// Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core + /// Pod defines a template used to create pod for each Couchbase server + /// instance. Modifying pod metadata such as labels and annotations will + /// update the pod in-place. Any other modification will result in a cluster + /// upgrade in order to fulfill the request. The Operator reserves the right + /// to modify or replace any field. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core #[serde(default, skip_serializing_if = "Option::is_none")] pub pod: Option, - /// Resources are the resource requirements for the Couchbase server container. This field overrides any automatic allocation as defined by `spec.autoResourceAllocation`. + /// Resources are the resource requirements for the Couchbase server container. + /// This field overrides any automatic allocation as defined by + /// `spec.autoResourceAllocation`. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key "topology.kubernetes.io/zone", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the "topology.kubernetes.io/zone" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups. + /// ServerGroups define the set of availability zones you want to distribute + /// pods over, and construct Couchbase server groups for. By default, most + /// cloud providers will label nodes with the key "topology.kubernetes.io/zone", + /// the values associated with that key are used here to provide explicit + /// scheduling by the Operator. You may manually label nodes using the + /// "topology.kubernetes.io/zone" key, to provide failure-domain + /// aware scheduling when none is provided for you. Global server groups are + /// applied to all server classes, and may be overridden on a per-server class + /// basis to give more control over scheduling and server groups. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverGroups")] pub server_groups: Option>, - /// Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. + /// Services is the set of Couchbase services to run on this server class. + /// At least one class must contain the data service. The field may contain + /// any of "data", "index", "query", "search", "eventing" or "analytics". + /// Each service may only be specified once. pub services: Vec, - /// Size is the expected requested of the server class. This field must be greater than or equal to 1. + /// Size is the expected requested of the server class. This field + /// must be greater than or equal to 1. pub size: i64, /// VolumeMounts define persistent volume claims to attach to pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] @@ -1585,7 +3032,15 @@ pub struct CouchbaseClusterServers { pub struct CouchbaseClusterServersEnv { /// Name of the environment variable. Must be a C_IDENTIFIER. pub name: String, - /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, /// Source for the environment variable's value. Cannot be used if value is not empty. @@ -1599,10 +3054,12 @@ pub struct CouchbaseClusterServersEnvValueFrom { /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] pub resource_field_ref: Option, /// Selects a key of a secret in the pod's namespace @@ -1615,7 +3072,9 @@ pub struct CouchbaseClusterServersEnvValueFrom { pub struct CouchbaseClusterServersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1623,7 +3082,8 @@ pub struct CouchbaseClusterServersEnvValueFromConfigMapKeyRef { pub optional: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersEnvValueFromFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -1634,7 +3094,8 @@ pub struct CouchbaseClusterServersEnvValueFromFieldRef { pub field_path: String, } -/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersEnvValueFromResourceFieldRef { /// Container name: required for volumes, optional for env vars @@ -1652,7 +3113,9 @@ pub struct CouchbaseClusterServersEnvValueFromResourceFieldRef { pub struct CouchbaseClusterServersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1677,7 +3140,9 @@ pub struct CouchbaseClusterServersEnvFrom { /// The ConfigMap to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersEnvFromConfigMapRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1688,7 +3153,9 @@ pub struct CouchbaseClusterServersEnvFromConfigMapRef { /// The Secret to select from #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersEnvFromSecretRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1696,10 +3163,16 @@ pub struct CouchbaseClusterServersEnvFromSecretRef { pub optional: Option, } -/// Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core +/// Pod defines a template used to create pod for each Couchbase server +/// instance. Modifying pod metadata such as labels and annotations will +/// update the pod in-place. Any other modification will result in a cluster +/// upgrade in order to fulfill the request. The Operator reserves the right +/// to modify or replace any field. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPod { - /// Standard objects metadata. This is a curated version for use with Couchbase resource templates. + /// Standard objects metadata. This is a curated version for use with Couchbase + /// resource templates. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, /// PodSpec is a description of a pod. @@ -1707,13 +3180,19 @@ pub struct CouchbaseClusterServersPod { pub spec: Option, } -/// Standard objects metadata. This is a curated version for use with Couchbase resource templates. +/// Standard objects metadata. This is a curated version for use with Couchbase +/// resource templates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodMetadata { - /// Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + /// Annotations is an unstructured key value map stored with a resource that + /// may be set by external tools to store and retrieve arbitrary metadata. They + /// are not queryable and should be preserved when modifying objects. More + /// info: http://kubernetes.io/docs/user-guide/annotations #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels + /// Map of string keys and values that can be used to organize and categorize + /// (scope and select) objects. May match selectors of replication controllers + /// and services. More info: http://kubernetes.io/docs/user-guide/labels #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, } @@ -1721,7 +3200,9 @@ pub struct CouchbaseClusterServersPodMetadata { /// PodSpec is a description of a pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpec { - /// Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. + /// Optional duration in seconds the pod may be active on the node relative to + /// StartTime before the system will actively try to mark it failed and kill associated containers. + /// Value must be a positive integer. #[serde(default, skip_serializing_if = "Option::is_none", rename = "activeDeadlineSeconds")] pub active_deadline_seconds: Option, /// If specified, the pod's scheduling constraints @@ -1730,78 +3211,197 @@ pub struct CouchbaseClusterServersPodSpec { /// AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "automountServiceAccountToken")] pub automount_service_account_token: Option, - /// Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. + /// Specifies the DNS parameters of a pod. + /// Parameters specified here will be merged to the generated DNS + /// configuration based on DNSPolicy. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dnsConfig")] pub dns_config: Option, - /// Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. + /// Set DNS policy for the pod. + /// Defaults to "ClusterFirst". + /// Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + /// DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + /// To have DNS options set along with hostNetwork, you have to specify DNS policy + /// explicitly to 'ClusterFirstWithHostNet'. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dnsPolicy")] pub dns_policy: Option, - /// EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true. + /// EnableServiceLinks indicates whether information about services should be injected into pod's + /// environment variables, matching the syntax of Docker links. + /// Optional: Defaults to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableServiceLinks")] pub enable_service_links: Option, - /// Use the host's ipc namespace. Optional: Default to false. + /// Use the host's ipc namespace. + /// Optional: Default to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostIPC")] pub host_ipc: Option, - /// Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. + /// Host networking requested for this pod. Use the host's network namespace. + /// If this option is set, the ports that will be used must be specified. + /// Default to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetwork")] pub host_network: Option, - /// Use the host's pid namespace. Optional: Default to false. + /// Use the host's pid namespace. + /// Optional: Default to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPID")] pub host_pid: Option, - /// Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + /// Use the host's user namespace. + /// Optional: Default to true. + /// If set to true or not present, the pod will be run in the host user namespace, useful + /// for when the pod needs a feature only available to the host user namespace, such as + /// loading a kernel module with CAP_SYS_MODULE. + /// When set to false, a new userns is created for the pod. Setting false is useful for + /// mitigating container breakout vulnerabilities even allowing users to run their + /// containers as root without actually having root privileges on the host. + /// This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostUsers")] pub host_users: Option, - /// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + /// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + /// If specified, these secrets will be passed to individual puller implementations for them to use. + /// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullSecrets")] pub image_pull_secrets: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. + /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + /// the scheduler simply schedules this pod onto that node, assuming that it fits resource + /// requirements. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, - /// NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + /// NodeSelector is a selector which must be true for the pod to fit on a node. + /// Selector which must match a node's labels for the pod to be scheduled on that node. + /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. - /// If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions - /// If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup + /// Specifies the OS of the containers in the pod. + /// Some pod and container fields are restricted if this is set. + /// + /// + /// If the OS field is set to linux, the following fields must be unset: + /// -securityContext.windowsOptions + /// + /// + /// If the OS field is set to windows, following fields must be unset: + /// - spec.hostPID + /// - spec.hostIPC + /// - spec.hostUsers + /// - spec.securityContext.seLinuxOptions + /// - spec.securityContext.seccompProfile + /// - spec.securityContext.fsGroup + /// - spec.securityContext.fsGroupChangePolicy + /// - spec.securityContext.sysctls + /// - spec.shareProcessNamespace + /// - spec.securityContext.runAsUser + /// - spec.securityContext.runAsGroup + /// - spec.securityContext.supplementalGroups + /// - spec.containers[*].securityContext.seLinuxOptions + /// - spec.containers[*].securityContext.seccompProfile + /// - spec.containers[*].securityContext.capabilities + /// - spec.containers[*].securityContext.readOnlyRootFilesystem + /// - spec.containers[*].securityContext.privileged + /// - spec.containers[*].securityContext.allowPrivilegeEscalation + /// - spec.containers[*].securityContext.procMount + /// - spec.containers[*].securityContext.runAsUser + /// - spec.containers[*].securityContext.runAsGroup #[serde(default, skip_serializing_if = "Option::is_none")] pub os: Option, - /// Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + /// Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + /// This field will be autopopulated at admission time by the RuntimeClass admission controller. If + /// the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + /// The RuntimeClass admission controller will reject Pod create requests which have the overhead already + /// set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + /// defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + /// More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub overhead: Option>, - /// PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. + /// PreemptionPolicy is the Policy for preempting pods with lower priority. + /// One of Never, PreemptLowerPriority. + /// Defaults to PreemptLowerPriority if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preemptionPolicy")] pub preemption_policy: Option, - /// The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. + /// The priority value. Various system components use this field to find the + /// priority of the pod. When Priority Admission Controller is enabled, it + /// prevents users from setting this field. The admission controller populates + /// this field from PriorityClassName. + /// The higher the value, the higher the priority. #[serde(default, skip_serializing_if = "Option::is_none")] pub priority: Option, - /// If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + /// If specified, indicates the pod's priority. "system-node-critical" and + /// "system-cluster-critical" are two special keywords which indicate the + /// highest priorities with the former being the highest priority. Any other + /// name must be defined by creating a PriorityClass object with that name. + /// If not specified, the pod priority will be default or zero if there is no + /// default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "priorityClassName")] pub priority_class_name: Option, - /// RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class + /// ResourceClaims defines which ResourceClaims must be allocated + /// and reserved before the Pod is allowed to start. The resources + /// will be made available to those containers which consume them + /// by name. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] + pub resource_claims: Option>, + /// RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + /// to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + /// If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + /// empty definition that uses the default runtime handler. + /// More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class #[serde(default, skip_serializing_if = "Option::is_none", rename = "runtimeClassName")] pub runtime_class_name: Option, - /// If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. + /// If specified, the pod will be dispatched by specified scheduler. + /// If not specified, the pod will be dispatched by default scheduler. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] pub scheduler_name: Option, - /// DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead. + /// SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + /// scheduler will not attempt to schedule the pod. + /// + /// + /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. + /// + /// + /// This is a beta feature enabled by the PodSchedulingReadiness feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] + pub scheduling_gates: Option>, + /// DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + /// Deprecated: Use serviceAccountName instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] pub service_account: Option, - /// ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + /// ServiceAccountName is the name of the ServiceAccount to use to run this pod. + /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] pub service_account_name: Option, - /// If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. + /// If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + /// In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + /// In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + /// If a pod does not have FQDN, this has no effect. + /// Default to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "setHostnameAsFQDN")] pub set_hostname_as_fqdn: Option, - /// Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. + /// Share a single process namespace between all of the containers in a pod. + /// When this is set containers will be able to view and signal processes from other containers + /// in the same pod, and the first process in each container will not be assigned PID 1. + /// HostPID and ShareProcessNamespace cannot both be set. + /// Optional: Default to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "shareProcessNamespace")] pub share_process_namespace: Option, - /// Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. + /// Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + /// Value must be non-negative integer. The value zero indicates stop immediately via + /// the kill signal (no opportunity to shut down). + /// If this value is nil, the default grace period will be used instead. + /// The grace period is the duration in seconds after the processes running in the pod are sent + /// a termination signal and the time when the processes are forcibly halted with a kill signal. + /// Set this value longer than the expected cleanup time for your process. + /// Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, /// If specified, the pod's tolerations. #[serde(default, skip_serializing_if = "Option::is_none")] pub tolerations: Option>, - /// TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + /// TopologySpreadConstraints describes how a group of pods ought to spread across topology + /// domains. Scheduler will schedule pods in a way which abides by the constraints. + /// All topologySpreadConstraints are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, } @@ -1823,15 +3423,28 @@ pub struct CouchbaseClusterServersPodSpecAffinity { /// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { /// A node selector term, associated with the corresponding weight. @@ -1851,31 +3464,47 @@ pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityPreferredDuringSche pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// Required. A list of node selector terms. The terms are ORed. @@ -1883,7 +3512,9 @@ pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityRequiredDuringSched pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -1894,26 +3525,38 @@ pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityRequiredDuringSched pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -1921,10 +3564,24 @@ pub struct CouchbaseClusterServersPodSpecAffinityNodeAffinityRequiredDuringSched /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -1935,7 +3592,8 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityPreferredDuringSched /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: CouchbaseClusterServersPodSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -1945,13 +3603,24 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityPreferredDuringSched /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1962,59 +3631,93 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityPreferredDuringSched /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -2025,42 +3728,60 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityRequiredDuringSchedu /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -2068,10 +3789,24 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAffinityRequiredDuringSchedu /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -2082,7 +3817,8 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityPreferredDuringS /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: CouchbaseClusterServersPodSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -2092,13 +3828,24 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityPreferredDuringS /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -2109,59 +3856,93 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityPreferredDuringS /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -2172,56 +3953,83 @@ pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityRequiredDuringSc /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. +/// Specifies the DNS parameters of a pod. +/// Parameters specified here will be merged to the generated DNS +/// configuration based on DNSPolicy. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecDnsConfig { - /// A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. + /// A list of DNS name server IP addresses. + /// This will be appended to the base nameservers generated from DNSPolicy. + /// Duplicated nameservers will be removed. #[serde(default, skip_serializing_if = "Option::is_none")] pub nameservers: Option>, - /// A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. + /// A list of DNS resolver options. + /// This will be merged with the base options generated from DNSPolicy. + /// Duplicated entries will be removed. Resolution options given in Options + /// will override those that appear in the base DNSPolicy. #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, - /// A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. + /// A list of DNS search domains for host-name lookup. + /// This will be appended to the base search paths generated from DNSPolicy. + /// Duplicated search paths will be removed. #[serde(default, skip_serializing_if = "Option::is_none")] pub searches: Option>, } @@ -2236,39 +4044,128 @@ pub struct CouchbaseClusterServersPodSpecDnsConfigOptions { pub value: Option, } -/// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +/// LocalObjectReference contains enough information to let you locate the +/// referenced object inside the same namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecImagePullSecrets { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. -/// If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions -/// If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup +/// Specifies the OS of the containers in the pod. +/// Some pod and container fields are restricted if this is set. +/// +/// +/// If the OS field is set to linux, the following fields must be unset: +/// -securityContext.windowsOptions +/// +/// +/// If the OS field is set to windows, following fields must be unset: +/// - spec.hostPID +/// - spec.hostIPC +/// - spec.hostUsers +/// - spec.securityContext.seLinuxOptions +/// - spec.securityContext.seccompProfile +/// - spec.securityContext.fsGroup +/// - spec.securityContext.fsGroupChangePolicy +/// - spec.securityContext.sysctls +/// - spec.shareProcessNamespace +/// - spec.securityContext.runAsUser +/// - spec.securityContext.runAsGroup +/// - spec.securityContext.supplementalGroups +/// - spec.containers[*].securityContext.seLinuxOptions +/// - spec.containers[*].securityContext.seccompProfile +/// - spec.containers[*].securityContext.capabilities +/// - spec.containers[*].securityContext.readOnlyRootFilesystem +/// - spec.containers[*].securityContext.privileged +/// - spec.containers[*].securityContext.allowPrivilegeEscalation +/// - spec.containers[*].securityContext.procMount +/// - spec.containers[*].securityContext.runAsUser +/// - spec.containers[*].securityContext.runAsGroup #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecOs { - /// Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null + /// Name is the name of the operating system. The currently supported values are linux and windows. + /// Additional value may be defined in future and can be one of: + /// https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + /// Clients should expect to handle additional values and treat unrecognized values in this field as os: null pub name: String, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. +/// Containers that need access to the ResourceClaim reference it with this name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterServersPodSpecResourceClaims { + /// Name uniquely identifies this resource claim inside the pod. + /// This must be a DNS_LABEL. + pub name: String, + /// Source describes where to find the ResourceClaim. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub source: Option, +} + +/// Source describes where to find the ResourceClaim. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterServersPodSpecResourceClaimsSource { + /// ResourceClaimName is the name of a ResourceClaim object in the same + /// namespace as this pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] + pub resource_claim_name: Option, + /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate + /// object in the same namespace as this pod. + /// + /// + /// The template will be used to create a new ResourceClaim, which will + /// be bound to this pod. When this pod is deleted, the ResourceClaim + /// will also be deleted. The pod name and resource name, along with a + /// generated component, will be used to form a unique name for the + /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + /// + /// + /// This field is immutable and no changes will be made to the + /// corresponding ResourceClaim by the control plane after creating the + /// ResourceClaim. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] + pub resource_claim_template_name: Option, +} + +/// PodSchedulingGate is associated to a Pod to guard its scheduling. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterServersPodSpecSchedulingGates { + /// Name of the scheduling gate. + /// Each scheduling gate must have a unique name field. + pub name: String, +} + +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -2276,91 +4173,253 @@ pub struct CouchbaseClusterServersPodSpecTolerations { /// TopologySpreadConstraint specifies how to spread matching pods among the given topology. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecTopologySpreadConstraints { - /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + /// LabelSelector is used to find matching pods. + /// Pods that match this label selector are counted to determine the number of pods + /// in their corresponding topology domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// MatchLabelKeys is a set of pod label keys to select the pods over which + /// spreading will be calculated. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are ANDed with labelSelector + /// to select the group of existing pods over which spreading will be calculated + /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// MatchLabelKeys cannot be set when LabelSelector isn't set. + /// Keys that don't exist in the incoming pod labels will + /// be ignored. A null or empty list means only match against labelSelector. + /// + /// + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, - /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + /// MaxSkew describes the degree to which pods may be unevenly distributed. + /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + /// between the number of matching pods in the target topology and the global minimum. + /// The global minimum is the minimum number of matching pods in an eligible domain + /// or zero if the number of eligible domains is less than MinDomains. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 2/2/1: + /// In this case, the global minimum is 1. + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P | + /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + /// violate MaxSkew(1). + /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + /// to topologies that satisfy it. + /// It's a required field. Default value is 1 and 0 is not allowed. #[serde(rename = "maxSkew")] pub max_skew: i32, - /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + /// MinDomains indicates a minimum number of eligible domains. + /// When the number of eligible domains with matching topology keys is less than minDomains, + /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, + /// this value has no effect on scheduling. + /// As a result, when the number of eligible domains is less than minDomains, + /// scheduler won't schedule more than maxSkew Pods to those domains. + /// If value is nil, the constraint behaves as if MinDomains is equal to 1. + /// Valid values are integers greater than 0. + /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// + /// + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + /// labelSelector spread as 2/2/2: + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P P | + /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + /// In this situation, new pod with the same labelSelector cannot be scheduled, + /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + /// it will violate MaxSkew. + /// + /// + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] pub min_domains: Option, - /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - /// If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + /// when calculating pod topology spread skew. Options are: + /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// + /// + /// If this value is nil, the behavior is equivalent to the Honor policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] pub node_affinity_policy: Option, - /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + /// NodeTaintsPolicy indicates how we will treat node taints when calculating + /// pod topology spread skew. Options are: + /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod + /// has a toleration, are included. + /// - Ignore: node taints are ignored. All nodes are included. + /// + /// + /// If this value is nil, the behavior is equivalent to the Ignore policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] pub node_taints_policy: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + /// TopologyKey is the key of node labels. Nodes that have a label with this key + /// and identical values are considered to be in the same topology. + /// We consider each as a "bucket", and try to put balanced number + /// of pods into each bucket. + /// We define a domain as a particular instance of a topology. + /// Also, we define an eligible domain as a domain whose nodes meet the requirements of + /// nodeAffinityPolicy and nodeTaintsPolicy. + /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + /// It's a required field. #[serde(rename = "topologyKey")] pub topology_key: String, - /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + /// the spread constraint. + /// - DoNotSchedule (default) tells the scheduler not to schedule it. + /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, + /// but giving higher precedence to topologies that would help reduce the + /// skew. + /// A constraint is considered "Unsatisfiable" for an incoming pod + /// if and only if every possible node assignment for that pod would violate + /// "MaxSkew" on some topology. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 3/1/1: + /// | zone1 | zone2 | zone3 | + /// | P P P | P | P | + /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + /// won't make it *more* imbalanced. + /// It's a required field. #[serde(rename = "whenUnsatisfiable")] pub when_unsatisfiable: String, } -/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +/// LabelSelector is used to find matching pods. +/// Pods that match this label selector are counted to determine the number of pods +/// in their corresponding topology domain. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecTopologySpreadConstraintsLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersPodSpecTopologySpreadConstraintsLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Resources are the resource requirements for the Couchbase server container. This field overrides any automatic allocation as defined by `spec.autoResourceAllocation`. +/// Resources are the resource requirements for the Couchbase server container. +/// This field overrides any automatic allocation as defined by +/// `spec.autoResourceAllocation`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersResources { - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterServersResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + /// VolumeMounts define persistent volume claims to attach to pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterServersVolumeMounts { - /// AnalyticsClaims are persistent volumes that encompass analytics storage associated with the analytics service. Analytics claims can only be used on server classes running the analytics service, and must be used in conjunction with the default claim. This field allows the analytics service to use different storage media (e.g. SSD), and scale horizontally, to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". + /// AnalyticsClaims are persistent volumes that encompass analytics storage associated + /// with the analytics service. Analytics claims can only be used on server classes + /// running the analytics service, and must be used in conjunction with the default claim. + /// This field allows the analytics service to use different storage media (e.g. SSD), and + /// scale horizontally, to improve performance of this service. This field references a volume + /// claim template name as defined in "spec.volumeClaimTemplates". #[serde(default, skip_serializing_if = "Option::is_none")] pub analytics: Option>, - /// DataClaim is a persistent volume that encompasses key/value storage associated with the data service. The data claim can only be used on server classes running the data service, and must be used in conjunction with the default claim. This field allows the data service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". + /// DataClaim is a persistent volume that encompasses key/value storage associated + /// with the data service. The data claim can only be used on server classes running + /// the data service, and must be used in conjunction with the default claim. This + /// field allows the data service to use different storage media (e.g. SSD) to + /// improve performance of this service. This field references a volume + /// claim template name as defined in "spec.volumeClaimTemplates". #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, - /// DefaultClaim is a persistent volume that encompasses all Couchbase persistent data, including document storage, indexes and logs. The default volume can be used with any server class. Use of the default claim allows the Operator to recover failed pods from the persistent volume far quicker than if the pod were using ephemeral storage. The default claim cannot be used at the same time as the logs claim within the same server class. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". + /// DefaultClaim is a persistent volume that encompasses all Couchbase persistent + /// data, including document storage, indexes and logs. The default volume can be + /// used with any server class. Use of the default claim allows the Operator to + /// recover failed pods from the persistent volume far quicker than if the pod were + /// using ephemeral storage. The default claim cannot be used at the same time + /// as the logs claim within the same server class. This field references a volume + /// claim template name as defined in "spec.volumeClaimTemplates". #[serde(default, skip_serializing_if = "Option::is_none")] pub default: Option, - /// IndexClaim s a persistent volume that encompasses index storage associated with the index and search services. The index claim can only be used on server classes running the index or search services, and must be used in conjunction with the default claim. This field allows the index and/or search service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". Whilst this references index primarily, note that the full text search (FTS) service also uses this same mount. + /// IndexClaim s a persistent volume that encompasses index storage associated + /// with the index and search services. The index claim can only be used on server classes running + /// the index or search services, and must be used in conjunction with the default claim. This + /// field allows the index and/or search service to use different storage media (e.g. SSD) to + /// improve performance of this service. This field references a volume + /// claim template name as defined in "spec.volumeClaimTemplates". + /// Whilst this references index primarily, note that the full text search (FTS) service + /// also uses this same mount. #[serde(default, skip_serializing_if = "Option::is_none")] pub index: Option, - /// LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid with supporting the product. The logs claim can only be used on server classes running the following services: query, search & eventing. The logs claim cannot be used at the same time as the default claim within the same server class. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". Whilst the logs claim can be used with the search service, the recommendation is to use the default claim for these. The reason for this is that a failure of these nodes will require indexes to be rebuilt and subsequent performance impact. + /// LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid + /// with supporting the product. The logs claim can only be used on server classes running + /// the following services: query, search & eventing. The logs claim cannot be used at the same + /// time as the default claim within the same server class. This field references a volume + /// claim template name as defined in "spec.volumeClaimTemplates". + /// Whilst the logs claim can be used with the search service, the recommendation is to use the + /// default claim for these. The reason for this is that a failure of these nodes will require + /// indexes to be rebuilt and subsequent performance impact. #[serde(default, skip_serializing_if = "Option::is_none")] pub logs: Option, } -/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows the cluster to be customized. +/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows +/// the cluster to be customized. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CouchbaseClusterUpgradeProcess { + SwapRebalance, + DeltaRecovery, + InPlaceUpgrade, +} + +/// ClusterSpec is the specification for a CouchbaseCluster resources, and allows +/// the cluster to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseClusterUpgradeStrategy { RollingUpgrade, @@ -2369,44 +4428,86 @@ pub enum CouchbaseClusterUpgradeStrategy { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterVolumeClaimTemplates { - /// Standard objects metadata. This is a curated version for use with Couchbase resource templates. + /// Standard objects metadata. This is a curated version for use with Couchbase + /// resource templates. pub metadata: CouchbaseClusterVolumeClaimTemplatesMetadata, - /// PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes + /// PersistentVolumeClaimSpec describes the common attributes of storage devices + /// and allows a Source for provider-specific attributes pub spec: CouchbaseClusterVolumeClaimTemplatesSpec, } -/// Standard objects metadata. This is a curated version for use with Couchbase resource templates. +/// Standard objects metadata. This is a curated version for use with Couchbase +/// resource templates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterVolumeClaimTemplatesMetadata { - /// Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + /// Annotations is an unstructured key value map stored with a resource that + /// may be set by external tools to store and retrieve arbitrary metadata. They + /// are not queryable and should be preserved when modifying objects. More + /// info: http://kubernetes.io/docs/user-guide/annotations #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels + /// Map of string keys and values that can be used to organize and categorize + /// (scope and select) objects. May match selectors of replication controllers + /// and services. More info: http://kubernetes.io/docs/user-guide/labels #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, - /// Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names + /// Name must be unique within a namespace. Is required when creating + /// resources, although some resources may allow a client to request the + /// generation of an appropriate name automatically. Name is primarily intended + /// for creation idempotence and configuration definition. Cannot be updated. + /// More info: http://kubernetes.io/docs/user-guide/identifiers#names pub name: String, } -/// PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes +/// PersistentVolumeClaimSpec describes the common attributes of storage devices +/// and allows a Source for provider-specific attributes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterVolumeClaimTemplatesSpec { - /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, - /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, /// volumeName is the binding reference to the PersistentVolume backing this claim. @@ -2414,53 +4515,118 @@ pub struct CouchbaseClusterVolumeClaimTemplatesSpec { pub volume_name: Option, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterVolumeClaimTemplatesSpecDataSourceRef { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } -/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterVolumeClaimTemplatesSpecResources { - /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CouchbaseClusterVolumeClaimTemplatesSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + /// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterVolumeClaimTemplatesSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterVolumeClaimTemplatesSpecSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// XDCR defines whether the Operator should manage XDCR, remote clusters and how to lookup replication resources. +/// XDCR defines whether the Operator should manage XDCR, remote clusters and how +/// to lookup replication resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterXdcr { /// Managed defines whether XDCR is managed by the operator or not. @@ -2474,58 +4640,81 @@ pub struct CouchbaseClusterXdcr { /// RemoteCluster is a reference to a remote cluster for XDCR. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterXdcrRemoteClusters { - /// AuthenticationSecret is a secret used to authenticate when establishing a remote connection. It is only required when not using mTLS. The secret must contain a username (secret key "username") and password (secret key "password"). + /// AuthenticationSecret is a secret used to authenticate when establishing a + /// remote connection. It is only required when not using mTLS. The secret + /// must contain a username (secret key "username") and password (secret key + /// "password"). #[serde(default, skip_serializing_if = "Option::is_none", rename = "authenticationSecret")] pub authentication_secret: Option, /// Hostname is the connection string to use to connect the remote cluster. To use IPv6, place brackets (`[`, `]`) around the IPv6 value. pub hostname: String, - /// Name of the remote cluster. Note that, -operator-managed is added as suffix by operator automatically to the name in order to diffrentiate from non operator managed remote clusters. + /// Name of the remote cluster. + /// Note that, -operator-managed is added as suffix by operator automatically + /// to the name in order to diffrentiate from non operator managed remote clusters. pub name: String, - /// Replications are replication streams from this cluster to the remote one. This field defines how to look up CouchbaseReplication resources. By default any CouchbaseReplication resources in the namespace will be considered. + /// Replications are replication streams from this cluster to the remote one. + /// This field defines how to look up CouchbaseReplication resources. By default + /// any CouchbaseReplication resources in the namespace will be considered. #[serde(default, skip_serializing_if = "Option::is_none")] pub replications: Option, - /// TLS if specified references a resource containing the necessary certificate data for an encrypted connection. + /// TLS if specified references a resource containing the necessary certificate + /// data for an encrypted connection. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, - /// UUID of the remote cluster. The UUID of a CouchbaseCluster resource is advertised in the status.clusterId field of the resource. + /// UUID of the remote cluster. The UUID of a CouchbaseCluster resource + /// is advertised in the status.clusterId field of the resource. pub uuid: String, } -/// Replications are replication streams from this cluster to the remote one. This field defines how to look up CouchbaseReplication resources. By default any CouchbaseReplication resources in the namespace will be considered. +/// Replications are replication streams from this cluster to the remote one. +/// This field defines how to look up CouchbaseReplication resources. By default +/// any CouchbaseReplication resources in the namespace will be considered. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterXdcrRemoteClustersReplications { - /// Selector allows CouchbaseReplication resources to be filtered based on labels. + /// Selector allows CouchbaseReplication resources to be filtered + /// based on labels. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } -/// Selector allows CouchbaseReplication resources to be filtered based on labels. +/// Selector allows CouchbaseReplication resources to be filtered +/// based on labels. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterXdcrRemoteClustersReplicationsSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterXdcrRemoteClustersReplicationsSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// TLS if specified references a resource containing the necessary certificate data for an encrypted connection. +/// TLS if specified references a resource containing the necessary certificate +/// data for an encrypted connection. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterXdcrRemoteClustersTls { - /// Secret references a secret containing the CA certificate (data key "ca"), and optionally a client certificate (data key "certificate") and key (data key "key"). + /// Secret references a secret containing the CA certificate (data key "ca"), + /// and optionally a client certificate (data key "certificate") and key + /// (data key "key"). pub secret: String, } @@ -2541,16 +4730,21 @@ pub struct CouchbaseClusterStatus { /// Buckets describes all the buckets managed by the cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub buckets: Option>, - /// ClusterID is the unique cluster UUID. This is generated every time a new cluster is created, so may vary over the lifetime of a cluster if it is recreated by disaster recovery mechanisms. + /// ClusterID is the unique cluster UUID. This is generated every time + /// a new cluster is created, so may vary over the lifetime of a cluster + /// if it is recreated by disaster recovery mechanisms. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterId")] pub cluster_id: Option, /// Current service state of the Couchbase cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, - /// ControlPaused indicates if the Operator has acknowledged and paused the control of the cluster. + /// ControlPaused indicates if the Operator has acknowledged and paused the + /// control of the cluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "controlPaused")] pub control_paused: Option, - /// CurrentVersion is the current Couchbase version. This reflects the version of the whole cluster, therefore during upgrade, it is only updated when the upgrade has completed. + /// CurrentVersion is the current Couchbase version. This reflects the + /// version of the whole cluster, therefore during upgrade, it is only + /// updated when the upgrade has completed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVersion")] pub current_version: Option, /// Groups describes all the groups managed by the cluster. @@ -2559,7 +4753,8 @@ pub struct CouchbaseClusterStatus { /// Members are the Couchbase members in the cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub members: Option, - /// Size is the current size of the cluster in terms of pods. Individual pod status conditions are listed in the members status. + /// Size is the current size of the cluster in terms of pods. Individual + /// pod status conditions are listed in the members status. pub size: i64, /// Users describes all the users managed by the cluster. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2569,36 +4764,54 @@ pub struct CouchbaseClusterStatus { /// ServerClassStatus summarizes memory allocations to make configuration easier. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterStatusAllocations { - /// AllocatedMemory defines the total memory allocated for constrained Couchbase services. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// AllocatedMemory defines the total memory allocated for constrained Couchbase services. + /// More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedMemory")] pub allocated_memory: Option, - /// AllocatedMemoryPercent is set when memory resources are requested and define how much of the requested memory is allocated to constrained Couchbase services. + /// AllocatedMemoryPercent is set when memory resources are requested and define how much of + /// the requested memory is allocated to constrained Couchbase services. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedMemoryPercent")] pub allocated_memory_percent: Option, - /// AnalyticsServiceAllocation is set when the analytics service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// AnalyticsServiceAllocation is set when the analytics service is enabled for this class and + /// defines how much memory this service consumes per pod. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "analyticsServiceAllocation")] pub analytics_service_allocation: Option, - /// DataServiceAllocation is set when the data service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// DataServiceAllocation is set when the data service is enabled for this class and + /// defines how much memory this service consumes per pod. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataServiceAllocation")] pub data_service_allocation: Option, - /// EventingServiceAllocation is set when the eventing service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// EventingServiceAllocation is set when the eventing service is enabled for this class and + /// defines how much memory this service consumes per pod. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "eventingServiceAllocation")] pub eventing_service_allocation: Option, - /// IndexServiceAllocation is set when the index service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// IndexServiceAllocation is set when the index service is enabled for this class and + /// defines how much memory this service consumes per pod. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "indexServiceAllocation")] pub index_service_allocation: Option, /// Name is the name of the server class defined in spec.servers pub name: String, - /// RequestedMemory, if set, defines the Kubernetes resource request for the server class. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// RequestedMemory, if set, defines the Kubernetes resource request for the server class. + /// More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestedMemory")] pub requested_memory: Option, - /// SearchServiceAllocation is set when the search service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// SearchServiceAllocation is set when the search service is enabled for this class and + /// defines how much memory this service consumes per pod. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "searchServiceAllocation")] pub search_service_allocation: Option, - /// UnusedMemory is set when memory resources are requested and is the difference between the requestedMemory and allocatedMemory. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// UnusedMemory is set when memory resources are requested and is the difference between + /// the requestedMemory and allocatedMemory. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "unusedMemory")] pub unused_memory: Option, - /// UnusedMemoryPercent is set when memory resources are requested and defines how much requested memory is not allocated. Couchbase server expects at least a 20% overhead. + /// UnusedMemoryPercent is set when memory resources are requested and defines how much + /// requested memory is not allocated. Couchbase server expects at least a 20% overhead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "unusedMemoryPercent")] pub unused_memory_percent: Option, } @@ -2608,7 +4821,8 @@ pub struct CouchbaseClusterStatusBuckets { /// CompressionMode defines how documents are compressed. #[serde(rename = "compressionMode")] pub compression_mode: String, - /// ConflictResolution is relevant for `couchbase` and `ephemeral` bucket types and indicates how to resolve conflicts when using multi-master XDCR. + /// ConflictResolution is relevant for `couchbase` and `ephemeral` bucket types + /// and indicates how to resolve conflicts when using multi-master XDCR. #[serde(rename = "conflictResolution")] pub conflict_resolution: String, /// EnableFlush is whether a client can delete all documents in a bucket. @@ -2617,10 +4831,12 @@ pub struct CouchbaseClusterStatusBuckets { /// EnableIndexReplica is whether indexes against bucket documents are replicated. #[serde(rename = "enableIndexReplica")] pub enable_index_replica: bool, - /// EvictionPolicy is relevant for `couchbase` and `ephemeral` bucket types and indicates how documents are evicted from memory when it is exhausted. + /// EvictionPolicy is relevant for `couchbase` and `ephemeral` bucket types + /// and indicates how documents are evicted from memory when it is exhausted. #[serde(rename = "evictionPolicy")] pub eviction_policy: String, - /// IoPriority is `low` or `high` depending on the number of threads spawned for data processing. + /// IoPriority is `low` or `high` depending on the number of threads + /// spawned for data processing. #[serde(rename = "ioPriority")] pub io_priority: String, /// BucketMemoryQuota is the bucket memory quota in megabytes. @@ -2643,10 +4859,12 @@ pub struct CouchbaseClusterStatusBuckets { /// Members are the Couchbase members in the cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseClusterStatusMembers { - /// Ready are the Couchbase members that are clustered and ready to serve client requests. The member names are the same as the Couchbase pod names. + /// Ready are the Couchbase members that are clustered and ready to serve + /// client requests. The member names are the same as the Couchbase pod names. #[serde(default, skip_serializing_if = "Option::is_none")] pub ready: Option>, - /// Unready are the Couchbase members not clustered or unready to serve client requests. The member names are the same as the Couchbase pod names. + /// Unready are the Couchbase members not clustered or unready to serve + /// client requests. The member names are the same as the Couchbase pod names. #[serde(default, skip_serializing_if = "Option::is_none")] pub unready: Option>, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollectiongroups.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollectiongroups.rs index 633719d1d..1f140120c 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollectiongroups.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollectiongroups.rs @@ -17,10 +17,24 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseCollectionGroupSpec { - /// MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This field takes precedence over any TTL defined at the bucket level. This is a default, and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration + /// MaxTTL defines how long a document is permitted to exist for, without + /// modification, until it is automatically deleted. This field takes precedence over + /// any TTL defined at the bucket level. This is a default, and maximum + /// time-to-live and may be set to a lower value by the client. If the client specifies + /// a higher value, then it is truncated to the maximum durability. Documents are + /// removed by Couchbase, after they have expired, when either accessed, the expiry + /// pager is run, or the bucket is compacted. When set to 0, then documents are not + /// expired by default. This field must be a duration in the range 0-2147483648s, + /// defaulting to 0. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxTTL")] pub max_ttl: Option, - /// Names specifies the names of the collections. Unlike CouchbaseCollection, which specifies a single collection, a collection group specifies multiple, and the collection group must specify at least one collection name. Any collection names specified must be unique. Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %. + /// Names specifies the names of the collections. Unlike CouchbaseCollection, which + /// specifies a single collection, a collection group specifies multiple, and the + /// collection group must specify at least one collection name. + /// Any collection names specified must be unique. + /// Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + /// and not start with either _ or %. pub names: Vec, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollections.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollections.rs index 379917379..eca8727fd 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollections.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasecollections.rs @@ -17,10 +17,25 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseCollectionSpec { - /// MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This field takes precedence over any TTL defined at the bucket level. This is a default, and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration + /// MaxTTL defines how long a document is permitted to exist for, without + /// modification, until it is automatically deleted. This field takes precedence over + /// any TTL defined at the bucket level. This is a default, and maximum + /// time-to-live and may be set to a lower value by the client. If the client specifies + /// a higher value, then it is truncated to the maximum durability. Documents are + /// removed by Couchbase, after they have expired, when either accessed, the expiry + /// pager is run, or the bucket is compacted. When set to 0, then documents are not + /// expired by default. This field must be a duration in the range 0-2147483648s, + /// defaulting to 0. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxTTL")] pub max_ttl: Option, - /// Name specifies the name of the collection. By default, the metadata.name is used to define the collection name, however, due to the limited character set, this field can be used to override the default and provide the full functionality. Additionally the `metadata.name` field is a DNS label, and thus limited to 63 characters, this field must be used if the name is longer than this limit. Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %. + /// Name specifies the name of the collection. By default, the metadata.name is + /// used to define the collection name, however, due to the limited character set, + /// this field can be used to override the default and provide the full functionality. + /// Additionally the `metadata.name` field is a DNS label, and thus limited to 63 + /// characters, this field must be used if the name is longer than this limit. + /// Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + /// and not start with either _ or %. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseephemeralbuckets.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseephemeralbuckets.rs index 2ea9fca88..381e89a91 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseephemeralbuckets.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaseephemeralbuckets.rs @@ -10,7 +10,8 @@ mod prelude { } use self::prelude::*; -/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket +/// resource, and allows the bucket to be customized. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "couchbase.com", version = "v2", kind = "CouchbaseEphemeralBucket", plural = "couchbaseephemeralbuckets")] #[kube(namespaced)] @@ -18,42 +19,96 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseEphemeralBucketSpec { - /// CompressionMode defines how Couchbase server handles document compression. When off, documents are stored in memory, and transferred to the client uncompressed. When passive, documents are stored compressed in memory, and transferred to the client compressed when requested. When active, documents are stored compresses in memory and when transferred to the client. This field must be "off", "passive" or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so must be quoted as a string in configuration files. + /// CompressionMode defines how Couchbase server handles document compression. When + /// off, documents are stored in memory, and transferred to the client uncompressed. + /// When passive, documents are stored compressed in memory, and transferred to the + /// client compressed when requested. When active, documents are stored compresses + /// in memory and when transferred to the client. This field must be "off", "passive" + /// or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so + /// must be quoted as a string in configuration files. #[serde(default, skip_serializing_if = "Option::is_none", rename = "compressionMode")] pub compression_mode: Option, - /// ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number based resolution selects the document with the highest sequence number as the most recent. Timestamp based resolution selects the document that was written to most recently as the most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), defaulting to "seqno". + /// ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number + /// based resolution selects the document with the highest sequence number as the most recent. + /// Timestamp based resolution selects the document that was written to most recently as the + /// most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), + /// defaulting to "seqno". #[serde(default, skip_serializing_if = "Option::is_none", rename = "conflictResolution")] pub conflict_resolution: Option, - /// EnableFlush defines whether a client can delete all documents in a bucket. This field defaults to false. + /// EnableFlush defines whether a client can delete all documents in a bucket. + /// This field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFlush")] pub enable_flush: Option, - /// EvictionPolicy controls how Couchbase handles memory exhaustion. No eviction means that Couchbase server will make this bucket read-only when memory is exhausted in order to avoid data loss. NRU eviction will delete documents that haven't been used recently in order to free up memory. This field must be "noEviction" or "nruEviction", defaulting to "noEviction". + /// EvictionPolicy controls how Couchbase handles memory exhaustion. No eviction means + /// that Couchbase server will make this bucket read-only when memory is exhausted in + /// order to avoid data loss. NRU eviction will delete documents that haven't been used + /// recently in order to free up memory. This field must be "noEviction" or "nruEviction", + /// defaulting to "noEviction". #[serde(default, skip_serializing_if = "Option::is_none", rename = "evictionPolicy")] pub eviction_policy: Option, - /// IOPriority controls how many threads a bucket has, per pod, to process reads and writes. This field must be "low" or "high", defaulting to "low". Modification of this field will cause a temporary service disruption as threads are restarted. + /// IOPriority controls how many threads a bucket has, per pod, to process reads and writes. + /// This field must be "low" or "high", defaulting to "low". Modification of this field will + /// cause a temporary service disruption as threads are restarted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ioPriority")] pub io_priority: Option, - /// MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This is a default and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration + /// MaxTTL defines how long a document is permitted to exist for, without + /// modification, until it is automatically deleted. This is a default and maximum + /// time-to-live and may be set to a lower value by the client. If the client specifies + /// a higher value, then it is truncated to the maximum durability. Documents are + /// removed by Couchbase, after they have expired, when either accessed, the expiry + /// pager is run, or the bucket is compacted. When set to 0, then documents are not + /// expired by default. This field must be a duration in the range 0-2147483648s, + /// defaulting to 0. More info: + /// https://golang.org/pkg/time/#ParseDuration #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxTTL")] pub max_ttl: Option, - /// MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, documents will be evicted from memory defined by the eviction policy. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, + /// documents will be evicted from memory defined by the eviction policy. The memory quota + /// is defined per Couchbase pod running the data service. This field defaults to, and must + /// be greater than or equal to 100Mi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryQuota")] pub memory_quota: Option, - /// MiniumumDurability defines how durable a document write is by default, and can be made more durable by the client. This feature enables ACID transactions. When none, Couchbase server will respond when the document is in memory, it will become eventually consistent across the cluster. When majority, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster. This field must be either "none" or "majority", defaulting to "none". + /// MiniumumDurability defines how durable a document write is by default, and can + /// be made more durable by the client. This feature enables ACID transactions. + /// When none, Couchbase server will respond when the document is in memory, it will + /// become eventually consistent across the cluster. When majority, Couchbase server will + /// respond when the document is replicated to at least half of the pods running the + /// data service in the cluster. This field must be either "none" or "majority", + /// defaulting to "none". #[serde(default, skip_serializing_if = "Option::is_none", rename = "minimumDurability")] pub minimum_durability: Option, - /// Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + /// Name is the name of the bucket within Couchbase server. By default the Operator + /// will use the `metadata.name` field to define the bucket name. The `metadata.name` + /// field only supports a subset of the supported character set. When specified, this + /// field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Replicas defines how many copies of documents Couchbase server maintains. This directly affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster can tolerate one data pod going down and still service requests without data loss. The number of replicas also affect memory use. With a single replica, the effective memory quota for documents is halved, with two replicas it is one third. The number of replicas must be between 0 and 3, defaulting to 1. + /// Rank determines the bucket’s place in the order in which the rebalance process + /// handles the buckets on the cluster. The higher a bucket’s assigned integer + /// (in relation to the integers assigned other buckets), the sooner in the + /// rebalance process the bucket is handled. This assignment of rank allows a + /// cluster’s most mission-critical data to be rebalanced with top priority. + /// This option is only supported for Couchbase Server 7.6.0+. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rank: Option, + /// Replicas defines how many copies of documents Couchbase server maintains. This directly + /// affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster + /// can tolerate one data pod going down and still service requests without data loss. The + /// number of replicas also affect memory use. With a single replica, the effective memory + /// quota for documents is halved, with two replicas it is one third. The number of replicas + /// must be between 0 and 3, defaulting to 1. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, - /// Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. + /// Scopes defines whether the Operator manages scopes for the bucket or not, and + /// the set of scopes defined for the bucket. #[serde(default, skip_serializing_if = "Option::is_none")] pub scopes: Option, } -/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket +/// resource, and allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseEphemeralBucketCompressionMode { #[serde(rename = "off")] @@ -64,7 +119,8 @@ pub enum CouchbaseEphemeralBucketCompressionMode { Active, } -/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket +/// resource, and allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseEphemeralBucketConflictResolution { #[serde(rename = "seqno")] @@ -73,7 +129,8 @@ pub enum CouchbaseEphemeralBucketConflictResolution { Lww, } -/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket +/// resource, and allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseEphemeralBucketEvictionPolicy { #[serde(rename = "noEviction")] @@ -82,7 +139,8 @@ pub enum CouchbaseEphemeralBucketEvictionPolicy { NruEviction, } -/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket +/// resource, and allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseEphemeralBucketIoPriority { #[serde(rename = "low")] @@ -91,7 +149,8 @@ pub enum CouchbaseEphemeralBucketIoPriority { High, } -/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket resource, and allows the bucket to be customized. +/// CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket +/// resource, and allows the bucket to be customized. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum CouchbaseEphemeralBucketMinimumDurability { #[serde(rename = "none")] @@ -100,26 +159,45 @@ pub enum CouchbaseEphemeralBucketMinimumDurability { Majority, } -/// Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. +/// Scopes defines whether the Operator manages scopes for the bucket or not, and +/// the set of scopes defined for the bucket. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseEphemeralBucketScopes { - /// Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present. + /// Managed defines whether scopes are managed for this bucket. + /// This field is `false` by default, and the Operator will take no actions that + /// will affect scopes and collections in this bucket. The default scope and + /// collection will be present. When set to `true`, the Operator will manage + /// user defined scopes, and optionally, their collections as defined by the + /// `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and + /// `CouchbaseCollectionGroup` resource documentation. If this field is set to + /// `false` while the already managed, then the Operator will leave whatever + /// configuration is already present. #[serde(default, skip_serializing_if = "Option::is_none")] pub managed: Option, - /// Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. + /// Resources is an explicit list of named resources that will be considered + /// for inclusion in this bucket. If a resource reference doesn't + /// match a resource, then no error conditions are raised due to undefined + /// resource creation ordering and eventual consistency. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta + /// Selector allows resources to be implicitly considered for inclusion in this + /// bucket. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseEphemeralBucketScopesResources { - /// Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseScope` and `CouchbaseScopeGroup` resource kinds. This field defaults to `CouchbaseScope` if not specified. + /// Kind indicates the kind of resource that is being referenced. A scope + /// can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + /// resource kinds. This field defaults to `CouchbaseScope` if not + /// specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name is the name of the Kubernetes resource name that is being referenced. Legal scope names have a maximum length of 251 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + /// Name is the name of the Kubernetes resource name that is being referenced. + /// Legal scope names have a maximum length of 251 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". pub name: String, } @@ -129,25 +207,34 @@ pub enum CouchbaseEphemeralBucketScopesResourcesKind { CouchbaseScopeGroup, } -/// Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +/// Selector allows resources to be implicitly considered for inclusion in this +/// bucket. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseEphemeralBucketScopesSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseEphemeralBucketScopesSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasegroups.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasegroups.rs index 602b40a22..6fb4de3c6 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasegroups.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasegroups.rs @@ -27,36 +27,51 @@ pub struct CouchbaseGroupSpec { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct CouchbaseGroupRoles { - /// Bucket name for bucket admin roles. When not specified for a role that can be scoped to a specific bucket, the role will apply to all buckets in the cluster. Deprecated: Couchbase Autonomous Operator 2.3 + /// Bucket name for bucket admin roles. When not specified for a role that can be scoped + /// to a specific bucket, the role will apply to all buckets in the cluster. + /// Deprecated: Couchbase Autonomous Operator 2.3 #[serde(default, skip_serializing_if = "Option::is_none")] pub bucket: Option, - /// Bucket level access to apply to specified role. The bucket must exist. When not specified, the bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role will apply to all buckets in the cluster + /// Bucket level access to apply to specified role. The bucket must exist. When not specified, + /// the bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role + /// will apply to all buckets in the cluster #[serde(default, skip_serializing_if = "Option::is_none")] pub buckets: Option, - /// Collection level access to apply to the specified role. The collection must exist. When not specified, the role is subject to scope or bucket level access. + /// Collection level access to apply to the specified role. The collection must exist. + /// When not specified, the role is subject to scope or bucket level access. #[serde(default, skip_serializing_if = "Option::is_none")] pub collections: Option, /// Name of role. pub name: CouchbaseGroupRolesName, - /// Scope level access to apply to specified role. The scope must exist. When not specified, the role will apply to selected bucket or all buckets in the cluster. + /// Scope level access to apply to specified role. The scope must exist. When not specified, + /// the role will apply to selected bucket or all buckets in the cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub scopes: Option, } -/// Bucket level access to apply to specified role. The bucket must exist. When not specified, the bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role will apply to all buckets in the cluster +/// Bucket level access to apply to specified role. The bucket must exist. When not specified, +/// the bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role +/// will apply to all buckets in the cluster #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesBuckets { - /// Resources is an explicit list of named bucket resources that will be considered for inclusion in this role. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. + /// Resources is an explicit list of named bucket resources that will be considered + /// for inclusion in this role. If a resource reference doesn't + /// match a resource, then no error conditions are raised due to undefined + /// resource creation ordering and eventual consistency. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Selector allows resources to be implicitly considered for inclusion in this role. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta + /// Selector allows resources to be implicitly considered for inclusion in this + /// role. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesBucketsResources { - /// Kind indicates the kind of resource that is being referenced. A Role can only reference `CouchbaseBucket` kind. This field defaults to `CouchbaseBucket` if not specified. + /// Kind indicates the kind of resource that is being referenced. A Role + /// can only reference `CouchbaseBucket` kind. This field defaults + /// to `CouchbaseBucket` if not specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the Kubernetes resource name that is being referenced. @@ -68,46 +83,66 @@ pub enum CouchbaseGroupRolesBucketsResourcesKind { CouchbaseBucket, } -/// Selector allows resources to be implicitly considered for inclusion in this role. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +/// Selector allows resources to be implicitly considered for inclusion in this +/// role. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesBucketsSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesBucketsSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Collection level access to apply to the specified role. The collection must exist. When not specified, the role is subject to scope or bucket level access. +/// Collection level access to apply to the specified role. The collection must exist. +/// When not specified, the role is subject to scope or bucket level access. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesCollections { - /// Resources is an explicit list of named resources that will be considered for inclusion in this collection or collections. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. + /// Resources is an explicit list of named resources that will be considered + /// for inclusion in this collection or collections. If a resource reference doesn't + /// match a resource, then no error conditions are raised due to undefined + /// resource creation ordering and eventual consistency. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Selector allows resources to be implicitly considered for inclusion in this collection or collections. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta + /// Selector allows resources to be implicitly considered for inclusion in this + /// collection or collections. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesCollectionsResources { - /// Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` resource kinds. This field defaults to `CouchbaseCollection` if not specified. + /// Kind indicates the kind of resource that is being referenced. A scope + /// can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + /// resource kinds. This field defaults to `CouchbaseCollection` if not + /// specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name is the name of the Kubernetes resource name that is being referenced. Legal collection names have a maximum length of 251 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + /// Name is the name of the Kubernetes resource name that is being referenced. + /// Legal collection names have a maximum length of 251 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". pub name: String, } @@ -117,25 +152,34 @@ pub enum CouchbaseGroupRolesCollectionsResourcesKind { CouchbaseCollectionGroup, } -/// Selector allows resources to be implicitly considered for inclusion in this collection or collections. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +/// Selector allows resources to be implicitly considered for inclusion in this +/// collection or collections. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesCollectionsSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesCollectionsSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -238,25 +282,38 @@ pub enum CouchbaseGroupRolesName { ViewsAdmin, #[serde(rename = "views_reader")] ViewsReader, + #[serde(rename = "eventing_manage_functions")] + EventingManageFunctions, } -/// Scope level access to apply to specified role. The scope must exist. When not specified, the role will apply to selected bucket or all buckets in the cluster. +/// Scope level access to apply to specified role. The scope must exist. When not specified, +/// the role will apply to selected bucket or all buckets in the cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesScopes { - /// Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. + /// Resources is an explicit list of named resources that will be considered + /// for inclusion in this scope or scopes. If a resource reference doesn't + /// match a resource, then no error conditions are raised due to undefined + /// resource creation ordering and eventual consistency. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta + /// Selector allows resources to be implicitly considered for inclusion in this + /// scope or scopes. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesScopesResources { - /// Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseScope` and `CouchbaseScopeGroup` resource kinds. This field defaults to `CouchbaseScope` if not specified. + /// Kind indicates the kind of resource that is being referenced. A scope + /// can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + /// resource kinds. This field defaults to `CouchbaseScope` if not + /// specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name is the name of the Kubernetes resource name that is being referenced. Legal scope names have a maximum length of 251 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + /// Name is the name of the Kubernetes resource name that is being referenced. + /// Legal scope names have a maximum length of 251 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". pub name: String, } @@ -266,25 +323,34 @@ pub enum CouchbaseGroupRolesScopesResourcesKind { CouchbaseScopeGroup, } -/// Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +/// Selector allows resources to be implicitly considered for inclusion in this +/// scope or scopes. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesScopesSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseGroupRolesScopesSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasememcachedbuckets.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasememcachedbuckets.rs index a554a9d84..246da49f4 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasememcachedbuckets.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasememcachedbuckets.rs @@ -9,7 +9,8 @@ mod prelude { } use self::prelude::*; -/// CouchbaseMemcachedBucketSpec is the specification for a Memcached bucket resource, and allows the bucket to be customized. +/// CouchbaseMemcachedBucketSpec is the specification for a Memcached bucket +/// resource, and allows the bucket to be customized. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "couchbase.com", version = "v2", kind = "CouchbaseMemcachedBucket", plural = "couchbasememcachedbuckets")] #[kube(namespaced)] @@ -17,13 +18,21 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseMemcachedBucketSpec { - /// EnableFlush defines whether a client can delete all documents in a bucket. This field defaults to false. + /// EnableFlush defines whether a client can delete all documents in a bucket. + /// This field defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFlush")] pub enable_flush: Option, - /// MemoryQuota is a memory limit to the size of a bucket. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + /// MemoryQuota is a memory limit to the size of a bucket. The memory quota + /// is defined per Couchbase pod running the data service. This field defaults to, and must + /// be greater than or equal to 100Mi. More info: + /// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes #[serde(default, skip_serializing_if = "Option::is_none", rename = "memoryQuota")] pub memory_quota: Option, - /// Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + /// Name is the name of the bucket within Couchbase server. By default the Operator + /// will use the `metadata.name` field to define the bucket name. The `metadata.name` + /// field only supports a subset of the supported character set. When specified, this + /// field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasemigrationreplications.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasemigrationreplications.rs index 39528399d..83b4f1938 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasemigrationreplications.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasemigrationreplications.rs @@ -16,10 +16,12 @@ pub struct CouchbaseMigrationReplicationMigrationMapping { pub mappings: Vec, } -/// Indicates whether this is using migration mapping or not. This is only valid when using the default scope/collection. +/// Indicates whether this is using migration mapping or not. +/// This is only valid when using the default scope/collection. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseMigrationReplicationMigrationMappingMappings { - /// A filter to select from the source default scope and collection. Defaults to select everything in the default scope and collection. + /// A filter to select from the source default scope and collection. + /// Defaults to select everything in the default scope and collection. #[serde(default, skip_serializing_if = "Option::is_none")] pub filter: Option, /// The destination of our migration, must be a scope and collection. @@ -45,18 +47,29 @@ pub struct CouchbaseMigrationReplicationMigrationMappingMappingsTargetKeyspace { #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseMigrationReplicationSpec { - /// Bucket is the source bucket to replicate from. This refers to the Couchbase bucket name, not the resource name of the bucket. A bucket with this name must be defined on this cluster. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + /// Bucket is the source bucket to replicate from. This refers to the Couchbase + /// bucket name, not the resource name of the bucket. A bucket with this name must + /// be defined on this cluster. Legal bucket names have a maximum length of 100 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". pub bucket: String, - /// CompressionType is the type of compression to apply to the replication. When None, no compression will be applied to documents as they are transferred between clusters. When Auto, Couchbase server will automatically compress documents as they are transferred to reduce bandwidth requirements. This field must be one of "None" or "Auto", defaulting to "Auto". + /// CompressionType is the type of compression to apply to the replication. + /// When None, no compression will be applied to documents as they are + /// transferred between clusters. When Auto, Couchbase server will automatically + /// compress documents as they are transferred to reduce bandwidth requirements. + /// This field must be one of "None" or "Auto", defaulting to "Auto". #[serde(default, skip_serializing_if = "Option::is_none", rename = "compressionType")] pub compression_type: Option, /// FilterExpression allows certain documents to be filtered out of the replication. #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterExpression")] pub filter_expression: Option, - /// Paused allows a replication to be stopped and restarted without having to restart the replication from the beginning. + /// Paused allows a replication to be stopped and restarted without having to + /// restart the replication from the beginning. #[serde(default, skip_serializing_if = "Option::is_none")] pub paused: Option, - /// RemoteBucket is the remote bucket name to synchronize to. This refers to the Couchbase bucket name, not the resource name of the bucket. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + /// RemoteBucket is the remote bucket name to synchronize to. This refers to the + /// Couchbase bucket name, not the resource name of the bucket. Legal bucket names + /// have a maximum length of 100 characters and may be composed of any character from + /// "a-z", "A-Z", "0-9" and "-_%\.". #[serde(rename = "remoteBucket")] pub remote_bucket: String, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasereplications.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasereplications.rs index 7467a4a4e..1f140bca4 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasereplications.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasereplications.rs @@ -9,29 +9,49 @@ mod prelude { } use self::prelude::*; -/// The explicit mappings to use for replication which are optional. For Scopes and Collection replication support we can specify a set of implicit and explicit mappings to use. If none is specified then it is assumed to be existing bucket level replication. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping +/// The explicit mappings to use for replication which are optional. +/// For Scopes and Collection replication support we can specify a set of implicit and +/// explicit mappings to use. If none is specified then it is assumed to be existing +/// bucket level replication. +/// https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseReplicationExplicitMapping { - /// The list of explicit replications to carry out including any nested implicit replications: specifying a scope implicitly replicates all collections within it. There should be no duplicates, including more-specific duplicates, e.g. if you specify replication of a scope then you can only deny replication of collections within it. + /// The list of explicit replications to carry out including any nested implicit replications: + /// specifying a scope implicitly replicates all collections within it. + /// There should be no duplicates, including more-specific duplicates, e.g. if you specify replication + /// of a scope then you can only deny replication of collections within it. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowRules")] pub allow_rules: Option>, - /// The list of explicit replications to prevent including any nested implicit denials: specifying a scope implicitly denies all collections within it. There should be no duplicates, including more-specific duplicates, e.g. if you specify denial of replication of a scope then you can only specify replication of collections within it. + /// The list of explicit replications to prevent including any nested implicit denials: + /// specifying a scope implicitly denies all collections within it. + /// There should be no duplicates, including more-specific duplicates, e.g. if you specify denial of + /// replication of a scope then you can only specify replication of collections within it. #[serde(default, skip_serializing_if = "Option::is_none", rename = "denyRules")] pub deny_rules: Option>, } -/// CouchbaseAllowReplicationMapping is to cover Scope and Collection explicit replication. If a scope is defined then it implicitly allows all collections unless a more specific CouchbaseDenyReplicationMapping rule is present to block it. Once a rule is defined at scope level it should not be redefined at collection level. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html +/// CouchbaseAllowReplicationMapping is to cover Scope and Collection explicit replication. +/// If a scope is defined then it implicitly allows all collections unless a more specific +/// CouchbaseDenyReplicationMapping rule is present to block it. +/// Once a rule is defined at scope level it should not be redefined at collection level. +/// https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseReplicationExplicitMappingAllowRules { - /// The source keyspace: where to replicate from. Source and target must match whether they have a collection or not, i.e. you cannot replicate from a scope to a collection. + /// The source keyspace: where to replicate from. + /// Source and target must match whether they have a collection or not, i.e. you cannot + /// replicate from a scope to a collection. #[serde(rename = "sourceKeyspace")] pub source_keyspace: CouchbaseReplicationExplicitMappingAllowRulesSourceKeyspace, - /// The target keyspace: where to replicate to. Source and target must match whether they have a collection or not, i.e. you cannot replicate from a scope to a collection. + /// The target keyspace: where to replicate to. + /// Source and target must match whether they have a collection or not, i.e. you cannot + /// replicate from a scope to a collection. #[serde(rename = "targetKeyspace")] pub target_keyspace: CouchbaseReplicationExplicitMappingAllowRulesTargetKeyspace, } -/// The source keyspace: where to replicate from. Source and target must match whether they have a collection or not, i.e. you cannot replicate from a scope to a collection. +/// The source keyspace: where to replicate from. +/// Source and target must match whether they have a collection or not, i.e. you cannot +/// replicate from a scope to a collection. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseReplicationExplicitMappingAllowRulesSourceKeyspace { /// The optional collection within the scope. May be empty to just work at scope level. @@ -41,7 +61,9 @@ pub struct CouchbaseReplicationExplicitMappingAllowRulesSourceKeyspace { pub scope: String, } -/// The target keyspace: where to replicate to. Source and target must match whether they have a collection or not, i.e. you cannot replicate from a scope to a collection. +/// The target keyspace: where to replicate to. +/// Source and target must match whether they have a collection or not, i.e. you cannot +/// replicate from a scope to a collection. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseReplicationExplicitMappingAllowRulesTargetKeyspace { /// The optional collection within the scope. May be empty to just work at scope level. @@ -51,7 +73,9 @@ pub struct CouchbaseReplicationExplicitMappingAllowRulesTargetKeyspace { pub scope: String, } -/// Provide rules to block implicit replication at scope or collection level. You may want to implicitly map all scopes or collections except a specific one (or set) so this is a better way to express that by creating rules just for those to deny. +/// Provide rules to block implicit replication at scope or collection level. +/// You may want to implicitly map all scopes or collections except a specific one (or set) so this +/// is a better way to express that by creating rules just for those to deny. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseReplicationExplicitMappingDenyRules { /// The source keyspace: where to block replication from. @@ -77,18 +101,29 @@ pub struct CouchbaseReplicationExplicitMappingDenyRulesSourceKeyspace { #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseReplicationSpec { - /// Bucket is the source bucket to replicate from. This refers to the Couchbase bucket name, not the resource name of the bucket. A bucket with this name must be defined on this cluster. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + /// Bucket is the source bucket to replicate from. This refers to the Couchbase + /// bucket name, not the resource name of the bucket. A bucket with this name must + /// be defined on this cluster. Legal bucket names have a maximum length of 100 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". pub bucket: String, - /// CompressionType is the type of compression to apply to the replication. When None, no compression will be applied to documents as they are transferred between clusters. When Auto, Couchbase server will automatically compress documents as they are transferred to reduce bandwidth requirements. This field must be one of "None" or "Auto", defaulting to "Auto". + /// CompressionType is the type of compression to apply to the replication. + /// When None, no compression will be applied to documents as they are + /// transferred between clusters. When Auto, Couchbase server will automatically + /// compress documents as they are transferred to reduce bandwidth requirements. + /// This field must be one of "None" or "Auto", defaulting to "Auto". #[serde(default, skip_serializing_if = "Option::is_none", rename = "compressionType")] pub compression_type: Option, /// FilterExpression allows certain documents to be filtered out of the replication. #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterExpression")] pub filter_expression: Option, - /// Paused allows a replication to be stopped and restarted without having to restart the replication from the beginning. + /// Paused allows a replication to be stopped and restarted without having to + /// restart the replication from the beginning. #[serde(default, skip_serializing_if = "Option::is_none")] pub paused: Option, - /// RemoteBucket is the remote bucket name to synchronize to. This refers to the Couchbase bucket name, not the resource name of the bucket. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + /// RemoteBucket is the remote bucket name to synchronize to. This refers to the + /// Couchbase bucket name, not the resource name of the bucket. Legal bucket names + /// have a maximum length of 100 characters and may be composed of any character from + /// "a-z", "A-Z", "0-9" and "-_%\.". #[serde(rename = "remoteBucket")] pub remote_bucket: String, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaserolebindings.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaserolebindings.rs index d73b34a79..997c5c60d 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbaserolebindings.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbaserolebindings.rs @@ -9,7 +9,8 @@ mod prelude { } use self::prelude::*; -/// CouchbaseRoleBindingSpec defines the group of subjects i.e. users, and the role i.e. group they are a member of. +/// CouchbaseRoleBindingSpec defines the group of subjects i.e. users, and the +/// role i.e. group they are a member of. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq)] #[kube(group = "couchbase.com", version = "v2", kind = "CouchbaseRoleBinding", plural = "couchbaserolebindings")] #[kube(namespaced)] diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopegroups.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopegroups.rs index ec1bf05fc..b7bea2953 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopegroups.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopegroups.rs @@ -18,36 +18,66 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseScopeGroupSpec { - /// Collections defines how to collate collections included in this scope or scope group. Any of the provided methods may be used to collate a set of collections to manage. Collated collections must have unique names, otherwise it is considered ambiguous, and an error condition. + /// Collections defines how to collate collections included in this scope or scope group. + /// Any of the provided methods may be used to collate a set of collections to + /// manage. Collated collections must have unique names, otherwise it is + /// considered ambiguous, and an error condition. #[serde(default, skip_serializing_if = "Option::is_none")] pub collections: Option, - /// Names specifies the names of the scopes. Unlike CouchbaseScope, which specifies a single scope, a scope group specifies multiple, and the scope group must specify at least one scope name. Any scope names specified must be unique. Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %. + /// Names specifies the names of the scopes. Unlike CouchbaseScope, which + /// specifies a single scope, a scope group specifies multiple, and the + /// scope group must specify at least one scope name. + /// Any scope names specified must be unique. + /// Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + /// and not start with either _ or %. pub names: Vec, } -/// Collections defines how to collate collections included in this scope or scope group. Any of the provided methods may be used to collate a set of collections to manage. Collated collections must have unique names, otherwise it is considered ambiguous, and an error condition. +/// Collections defines how to collate collections included in this scope or scope group. +/// Any of the provided methods may be used to collate a set of collections to +/// manage. Collated collections must have unique names, otherwise it is +/// considered ambiguous, and an error condition. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeGroupCollections { - /// Managed indicates whether collections within this scope are managed. If not then you can dynamically create and delete collections with the Couchbase UI or SDKs. + /// Managed indicates whether collections within this scope are managed. + /// If not then you can dynamically create and delete collections with + /// the Couchbase UI or SDKs. #[serde(default, skip_serializing_if = "Option::is_none")] pub managed: Option, - /// PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope. The default collection can be deleted, but can not be recreated by Couchbase Server. By setting this field to `true`, the Operator will implicitly manage the default collection within the default scope. The default collection cannot be modified and will have no document time-to-live (TTL). When set to `false`, the operator will not manage the default collection, which will be deleted and cannot be used or recreated. + /// PreserveDefaultCollection indicates whether the Operator should manage the + /// default collection within the default scope. The default collection can + /// be deleted, but can not be recreated by Couchbase Server. By setting this + /// field to `true`, the Operator will implicitly manage the default collection + /// within the default scope. The default collection cannot be modified and + /// will have no document time-to-live (TTL). When set to `false`, the operator + /// will not manage the default collection, which will be deleted and cannot be + /// used or recreated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preserveDefaultCollection")] pub preserve_default_collection: Option, - /// Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. + /// Resources is an explicit list of named resources that will be considered + /// for inclusion in this scope or scopes. If a resource reference doesn't + /// match a resource, then no error conditions are raised due to undefined + /// resource creation ordering and eventual consistency. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta + /// Selector allows resources to be implicitly considered for inclusion in this + /// scope or scopes. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeGroupCollectionsResources { - /// Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` resource kinds. This field defaults to `CouchbaseCollection` if not specified. + /// Kind indicates the kind of resource that is being referenced. A scope + /// can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + /// resource kinds. This field defaults to `CouchbaseCollection` if not + /// specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name is the name of the Kubernetes resource name that is being referenced. Legal collection names have a maximum length of 251 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + /// Name is the name of the Kubernetes resource name that is being referenced. + /// Legal collection names have a maximum length of 251 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". pub name: String, } @@ -57,25 +87,34 @@ pub enum CouchbaseScopeGroupCollectionsResourcesKind { CouchbaseCollectionGroup, } -/// Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +/// Selector allows resources to be implicitly considered for inclusion in this +/// scope or scopes. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeGroupCollectionsSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeGroupCollectionsSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } diff --git a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopes.rs b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopes.rs index 32abd4c31..7f4eded62 100644 --- a/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopes.rs +++ b/kube-custom-resources-rs/src/couchbase_com/v2/couchbasescopes.rs @@ -18,40 +18,77 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct CouchbaseScopeSpec { - /// Collections defines how to collate collections included in this scope or scope group. Any of the provided methods may be used to collate a set of collections to manage. Collated collections must have unique names, otherwise it is considered ambiguous, and an error condition. + /// Collections defines how to collate collections included in this scope or scope group. + /// Any of the provided methods may be used to collate a set of collections to + /// manage. Collated collections must have unique names, otherwise it is + /// considered ambiguous, and an error condition. #[serde(default, skip_serializing_if = "Option::is_none")] pub collections: Option, - /// DefaultScope indicates whether this resource represents the default scope for a bucket. When set to `true`, this allows the user to refer to and manage collections within the default scope. When not defined, the Operator will implicitly manage the default scope as the default scope can not be deleted from Couchbase Server. The Operator defined default scope will also have the `persistDefaultCollection` flag set to `true`. Only one default scope is permitted to be contained in a bucket. + /// DefaultScope indicates whether this resource represents the default scope + /// for a bucket. When set to `true`, this allows the user to refer to and + /// manage collections within the default scope. When not defined, the Operator + /// will implicitly manage the default scope as the default scope can not be + /// deleted from Couchbase Server. The Operator defined default scope will + /// also have the `persistDefaultCollection` flag set to `true`. Only one + /// default scope is permitted to be contained in a bucket. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultScope")] pub default_scope: Option, - /// Name specifies the name of the scope. By default, the metadata.name is used to define the scope name, however, due to the limited character set, this field can be used to override the default and provide the full functionality. Additionally the `metadata.name` field is a DNS label, and thus limited to 63 characters, this field must be used if the name is longer than this limit. Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %. + /// Name specifies the name of the scope. By default, the metadata.name is + /// used to define the scope name, however, due to the limited character set, + /// this field can be used to override the default and provide the full functionality. + /// Additionally the `metadata.name` field is a DNS label, and thus limited to 63 + /// characters, this field must be used if the name is longer than this limit. + /// Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + /// and not start with either _ or %. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// Collections defines how to collate collections included in this scope or scope group. Any of the provided methods may be used to collate a set of collections to manage. Collated collections must have unique names, otherwise it is considered ambiguous, and an error condition. +/// Collections defines how to collate collections included in this scope or scope group. +/// Any of the provided methods may be used to collate a set of collections to +/// manage. Collated collections must have unique names, otherwise it is +/// considered ambiguous, and an error condition. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeCollections { - /// Managed indicates whether collections within this scope are managed. If not then you can dynamically create and delete collections with the Couchbase UI or SDKs. + /// Managed indicates whether collections within this scope are managed. + /// If not then you can dynamically create and delete collections with + /// the Couchbase UI or SDKs. #[serde(default, skip_serializing_if = "Option::is_none")] pub managed: Option, - /// PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope. The default collection can be deleted, but can not be recreated by Couchbase Server. By setting this field to `true`, the Operator will implicitly manage the default collection within the default scope. The default collection cannot be modified and will have no document time-to-live (TTL). When set to `false`, the operator will not manage the default collection, which will be deleted and cannot be used or recreated. + /// PreserveDefaultCollection indicates whether the Operator should manage the + /// default collection within the default scope. The default collection can + /// be deleted, but can not be recreated by Couchbase Server. By setting this + /// field to `true`, the Operator will implicitly manage the default collection + /// within the default scope. The default collection cannot be modified and + /// will have no document time-to-live (TTL). When set to `false`, the operator + /// will not manage the default collection, which will be deleted and cannot be + /// used or recreated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preserveDefaultCollection")] pub preserve_default_collection: Option, - /// Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. + /// Resources is an explicit list of named resources that will be considered + /// for inclusion in this scope or scopes. If a resource reference doesn't + /// match a resource, then no error conditions are raised due to undefined + /// resource creation ordering and eventual consistency. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option>, - /// Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta + /// Selector allows resources to be implicitly considered for inclusion in this + /// scope or scopes. More info: + /// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeCollectionsResources { - /// Kind indicates the kind of resource that is being referenced. A scope can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` resource kinds. This field defaults to `CouchbaseCollection` if not specified. + /// Kind indicates the kind of resource that is being referenced. A scope + /// can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + /// resource kinds. This field defaults to `CouchbaseCollection` if not + /// specified. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Name is the name of the Kubernetes resource name that is being referenced. Legal collection names have a maximum length of 251 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + /// Name is the name of the Kubernetes resource name that is being referenced. + /// Legal collection names have a maximum length of 251 + /// characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". pub name: String, } @@ -61,25 +98,34 @@ pub enum CouchbaseScopeCollectionsResourcesKind { CouchbaseCollectionGroup, } -/// Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +/// Selector allows resources to be implicitly considered for inclusion in this +/// scope or scopes. More info: +/// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeCollectionsSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CouchbaseScopeCollectionsSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } diff --git a/kube-custom-resources-rs/src/crd_projectcalico_org/v1/bgpfilters.rs b/kube-custom-resources-rs/src/crd_projectcalico_org/v1/bgpfilters.rs index 1fcf8d150..19347cb1c 100644 --- a/kube-custom-resources-rs/src/crd_projectcalico_org/v1/bgpfilters.rs +++ b/kube-custom-resources-rs/src/crd_projectcalico_org/v1/bgpfilters.rs @@ -40,10 +40,20 @@ pub struct BGPFilterExportV4 { pub interface: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchOperator")] pub match_operator: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "prefixLength")] + pub prefix_length: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub source: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BGPFilterExportV4PrefixLength { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub min: Option, +} + /// BGPFilterRuleV6 defines a BGP filter rule consisting a single IPv6 CIDR block and a filter action for this CIDR. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BGPFilterExportV6 { @@ -54,10 +64,20 @@ pub struct BGPFilterExportV6 { pub interface: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchOperator")] pub match_operator: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "prefixLength")] + pub prefix_length: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub source: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BGPFilterExportV6PrefixLength { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub min: Option, +} + /// BGPFilterRuleV4 defines a BGP filter rule consisting a single IPv4 CIDR block and a filter action for this CIDR. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BGPFilterImportV4 { @@ -68,10 +88,20 @@ pub struct BGPFilterImportV4 { pub interface: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchOperator")] pub match_operator: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "prefixLength")] + pub prefix_length: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub source: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BGPFilterImportV4PrefixLength { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub min: Option, +} + /// BGPFilterRuleV6 defines a BGP filter rule consisting a single IPv6 CIDR block and a filter action for this CIDR. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BGPFilterImportV6 { @@ -82,7 +112,17 @@ pub struct BGPFilterImportV6 { pub interface: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchOperator")] pub match_operator: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "prefixLength")] + pub prefix_length: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub source: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BGPFilterImportV6PrefixLength { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub min: Option, +} + diff --git a/kube-custom-resources-rs/src/crd_projectcalico_org/v1/mod.rs b/kube-custom-resources-rs/src/crd_projectcalico_org/v1/mod.rs index f21d7a431..1804a5fc8 100644 --- a/kube-custom-resources-rs/src/crd_projectcalico_org/v1/mod.rs +++ b/kube-custom-resources-rs/src/crd_projectcalico_org/v1/mod.rs @@ -13,3 +13,4 @@ pub mod ippools; pub mod ipreservations; pub mod kubecontrollersconfigurations; pub mod networksets; +pub mod tiers; diff --git a/kube-custom-resources-rs/src/crd_projectcalico_org/v1/tiers.rs b/kube-custom-resources-rs/src/crd_projectcalico_org/v1/tiers.rs new file mode 100644 index 000000000..741f92e8c --- /dev/null +++ b/kube-custom-resources-rs/src/crd_projectcalico_org/v1/tiers.rs @@ -0,0 +1,23 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/tiers.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; +} +use self::prelude::*; + +/// TierSpec contains the specification for a security policy tier resource. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "crd.projectcalico.org", version = "v1", kind = "Tier", plural = "tiers")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct TierSpec { + /// Order is an optional field that specifies the order in which the tier is applied. Tiers with higher "order" are applied after those with lower order. If the order is omitted, it may be considered to be "infinite" - i.e. the tier will be applied last. Tiers with identical order will be applied in alphanumerical order based on the Tier "Name". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub order: Option, +} + diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs index 88e6dd23e..dcc5207f5 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs @@ -227,9 +227,7 @@ pub struct ExternalSecretStatusBinding { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs index 95f8f6acd..a48c31b3d 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs @@ -148,7 +148,6 @@ pub enum ClusterExternalSecretExternalSecretSpecDataRemoteRefMetadataPolicy { pub struct ClusterExternalSecretExternalSecretSpecDataSourceRef { /// GeneratorRef points to a generator custom resource. /// - /// /// Deprecated: The generatorRef is not implemented in .data[]. /// this will be removed with v1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generatorRef")] @@ -160,7 +159,6 @@ pub struct ClusterExternalSecretExternalSecretSpecDataSourceRef { /// GeneratorRef points to a generator custom resource. /// -/// /// Deprecated: The generatorRef is not implemented in .data[]. /// this will be removed with v1. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs index 4f6c58eca..e7554804a 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs @@ -926,8 +926,11 @@ pub struct ClusterSecretStoreProviderBitwardensecretsmanager { pub bitwarden_server_sdkurl: Option, /// Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack /// can be performed. - #[serde(rename = "caBundle")] - pub ca_bundle: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caProvider")] + pub ca_provider: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityURL")] pub identity_url: Option, /// OrganizationID determines which organization this secret store manages. @@ -970,6 +973,30 @@ pub struct ClusterSecretStoreProviderBitwardensecretsmanagerAuthSecretRefCredent pub namespace: Option, } +/// see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ClusterSecretStoreProviderBitwardensecretsmanagerCaProvider { + /// The key where the CA certificate can be found in the Secret or ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// The name of the object located at the provider type. + pub name: String, + /// The namespace the Provider type is in. + /// Can only be defined when used in a ClusterSecretStore. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// The type of provider to use such as "Secret", or "ConfigMap". + #[serde(rename = "type")] + pub r#type: ClusterSecretStoreProviderBitwardensecretsmanagerCaProviderType, +} + +/// see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterSecretStoreProviderBitwardensecretsmanagerCaProviderType { + Secret, + ConfigMap, +} + /// Chef configures this store to sync secrets with chef server #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderChef { diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs index 1b90a2cad..bab3866b6 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs @@ -114,7 +114,6 @@ pub enum ExternalSecretDataRemoteRefMetadataPolicy { pub struct ExternalSecretDataSourceRef { /// GeneratorRef points to a generator custom resource. /// - /// /// Deprecated: The generatorRef is not implemented in .data[]. /// this will be removed with v1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generatorRef")] @@ -126,7 +125,6 @@ pub struct ExternalSecretDataSourceRef { /// GeneratorRef points to a generator custom resource. /// -/// /// Deprecated: The generatorRef is not implemented in .data[]. /// this will be removed with v1. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -524,9 +522,7 @@ pub struct ExternalSecretStatusBinding { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs index eea282029..0fed96ead 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs @@ -927,8 +927,11 @@ pub struct SecretStoreProviderBitwardensecretsmanager { pub bitwarden_server_sdkurl: Option, /// Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack /// can be performed. - #[serde(rename = "caBundle")] - pub ca_bundle: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caProvider")] + pub ca_provider: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "identityURL")] pub identity_url: Option, /// OrganizationID determines which organization this secret store manages. @@ -971,6 +974,30 @@ pub struct SecretStoreProviderBitwardensecretsmanagerAuthSecretRefCredentials { pub namespace: Option, } +/// see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct SecretStoreProviderBitwardensecretsmanagerCaProvider { + /// The key where the CA certificate can be found in the Secret or ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// The name of the object located at the provider type. + pub name: String, + /// The namespace the Provider type is in. + /// Can only be defined when used in a ClusterSecretStore. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// The type of provider to use such as "Secret", or "ConfigMap". + #[serde(rename = "type")] + pub r#type: SecretStoreProviderBitwardensecretsmanagerCaProviderType, +} + +/// see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum SecretStoreProviderBitwardensecretsmanagerCaProviderType { + Secret, + ConfigMap, +} + /// Chef configures this store to sync secrets with chef server #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderChef { diff --git a/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs b/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs index 0a69122f4..bfcf36577 100644 --- a/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs +++ b/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs @@ -64,6 +64,8 @@ pub enum FlinkDeploymentFlinkVersion { V118, #[serde(rename = "v1_19")] V119, + #[serde(rename = "v1_20")] + V120, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1082,6 +1084,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecContainersResourcesClaims { pub struct FlinkDeploymentJobManagerPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1104,6 +1108,14 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecContainersSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentJobManagerPodTemplateSpecContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateSpecContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1230,6 +1242,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecContainersVolumeMounts { pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -1688,6 +1702,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecEphemeralContainersResourcesC pub struct FlinkDeploymentJobManagerPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1710,6 +1726,14 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecEphemeralContainersSecurityCo pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentJobManagerPodTemplateSpecEphemeralContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateSpecEphemeralContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1836,6 +1860,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecEphemeralContainersVolumeMoun pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -2288,6 +2314,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecInitContainersResourcesClaims pub struct FlinkDeploymentJobManagerPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2310,6 +2338,14 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecInitContainersSecurityContext pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentJobManagerPodTemplateSpecInitContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateSpecInitContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2436,6 +2472,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecInitContainersVolumeMounts { pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -2478,6 +2516,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecSchedulingGates { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateSpecSecurityContext { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] @@ -2500,6 +2540,14 @@ pub struct FlinkDeploymentJobManagerPodTemplateSpecSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentJobManagerPodTemplateSpecSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateSpecSecurityContextSeLinuxOptions { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3454,6 +3502,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateStatusContainerStatuses { pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3556,6 +3606,18 @@ pub struct FlinkDeploymentJobManagerPodTemplateStatusContainerStatusesStateWaiti pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentJobManagerPodTemplateStatusContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateStatusEphemeralContainerStatuses { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] @@ -3580,6 +3642,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateStatusEphemeralContainerStatuses pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3682,6 +3746,18 @@ pub struct FlinkDeploymentJobManagerPodTemplateStatusEphemeralContainerStatusesS pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentJobManagerPodTemplateStatusEphemeralContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateStatusHostIPs { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3712,6 +3788,8 @@ pub struct FlinkDeploymentJobManagerPodTemplateStatusInitContainerStatuses { pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3814,6 +3892,18 @@ pub struct FlinkDeploymentJobManagerPodTemplateStatusInitContainerStatusesStateW pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentJobManagerPodTemplateStatusInitContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentJobManagerPodTemplateStatusPodIPs { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4774,6 +4864,8 @@ pub struct FlinkDeploymentPodTemplateSpecContainersResourcesClaims { pub struct FlinkDeploymentPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4796,6 +4888,14 @@ pub struct FlinkDeploymentPodTemplateSpecContainersSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentPodTemplateSpecContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateSpecContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4922,6 +5022,8 @@ pub struct FlinkDeploymentPodTemplateSpecContainersVolumeMounts { pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -5380,6 +5482,8 @@ pub struct FlinkDeploymentPodTemplateSpecEphemeralContainersResourcesClaims { pub struct FlinkDeploymentPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5402,6 +5506,14 @@ pub struct FlinkDeploymentPodTemplateSpecEphemeralContainersSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentPodTemplateSpecEphemeralContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateSpecEphemeralContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5528,6 +5640,8 @@ pub struct FlinkDeploymentPodTemplateSpecEphemeralContainersVolumeMounts { pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -5980,6 +6094,8 @@ pub struct FlinkDeploymentPodTemplateSpecInitContainersResourcesClaims { pub struct FlinkDeploymentPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6002,6 +6118,14 @@ pub struct FlinkDeploymentPodTemplateSpecInitContainersSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentPodTemplateSpecInitContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateSpecInitContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6128,6 +6252,8 @@ pub struct FlinkDeploymentPodTemplateSpecInitContainersVolumeMounts { pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -6170,6 +6296,8 @@ pub struct FlinkDeploymentPodTemplateSpecSchedulingGates { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateSpecSecurityContext { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] @@ -6192,6 +6320,14 @@ pub struct FlinkDeploymentPodTemplateSpecSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentPodTemplateSpecSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateSpecSecurityContextSeLinuxOptions { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -7146,6 +7282,8 @@ pub struct FlinkDeploymentPodTemplateStatusContainerStatuses { pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -7248,6 +7386,18 @@ pub struct FlinkDeploymentPodTemplateStatusContainerStatusesStateWaiting { pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentPodTemplateStatusContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateStatusEphemeralContainerStatuses { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] @@ -7272,6 +7422,8 @@ pub struct FlinkDeploymentPodTemplateStatusEphemeralContainerStatuses { pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -7374,6 +7526,18 @@ pub struct FlinkDeploymentPodTemplateStatusEphemeralContainerStatusesStateWaitin pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentPodTemplateStatusEphemeralContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateStatusHostIPs { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -7404,6 +7568,8 @@ pub struct FlinkDeploymentPodTemplateStatusInitContainerStatuses { pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -7506,6 +7672,18 @@ pub struct FlinkDeploymentPodTemplateStatusInitContainerStatusesStateWaiting { pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentPodTemplateStatusInitContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentPodTemplateStatusPodIPs { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -8458,6 +8636,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecContainersResourcesClaims { pub struct FlinkDeploymentTaskManagerPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -8480,6 +8660,14 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecContainersSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentTaskManagerPodTemplateSpecContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateSpecContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -8606,6 +8794,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecContainersVolumeMounts { pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -9064,6 +9254,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecEphemeralContainersResources pub struct FlinkDeploymentTaskManagerPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -9086,6 +9278,14 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecEphemeralContainersSecurityC pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentTaskManagerPodTemplateSpecEphemeralContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateSpecEphemeralContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -9212,6 +9412,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecEphemeralContainersVolumeMou pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -9664,6 +9866,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecInitContainersResourcesClaim pub struct FlinkDeploymentTaskManagerPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -9686,6 +9890,14 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecInitContainersSecurityContex pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentTaskManagerPodTemplateSpecInitContainersSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateSpecInitContainersSecurityContextCapabilities { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -9812,6 +10024,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecInitContainersVolumeMounts { pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] @@ -9854,6 +10068,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecSchedulingGates { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateSpecSecurityContext { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] pub fs_group: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] @@ -9876,6 +10092,14 @@ pub struct FlinkDeploymentTaskManagerPodTemplateSpecSecurityContext { pub windows_options: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentTaskManagerPodTemplateSpecSecurityContextAppArmorProfile { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateSpecSecurityContextSeLinuxOptions { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -10830,6 +11054,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateStatusContainerStatuses { pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -10932,6 +11158,18 @@ pub struct FlinkDeploymentTaskManagerPodTemplateStatusContainerStatusesStateWait pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentTaskManagerPodTemplateStatusContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateStatusEphemeralContainerStatuses { #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] @@ -10956,6 +11194,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateStatusEphemeralContainerStatuses pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -11058,6 +11298,18 @@ pub struct FlinkDeploymentTaskManagerPodTemplateStatusEphemeralContainerStatuses pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentTaskManagerPodTemplateStatusEphemeralContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateStatusHostIPs { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -11088,6 +11340,8 @@ pub struct FlinkDeploymentTaskManagerPodTemplateStatusInitContainerStatuses { pub started: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -11190,6 +11444,18 @@ pub struct FlinkDeploymentTaskManagerPodTemplateStatusInitContainerStatusesState pub reason: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlinkDeploymentTaskManagerPodTemplateStatusInitContainerStatusesVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlinkDeploymentTaskManagerPodTemplateStatusPodIPs { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs index dc2b558c5..cf9a088b6 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs @@ -46,6 +46,9 @@ pub struct ClusterFilterFilters { /// Kubernetes defines Kubernetes Filter configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, + /// LogToMetrics defines a Log to Metrics Filter configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logToMetrics")] + pub log_to_metrics: Option, /// Lua defines Lua Filter configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub lua: Option, @@ -283,6 +286,69 @@ pub struct ClusterFilterFiltersKubernetes { pub use_kubelet: Option, } +/// LogToMetrics defines a Log to Metrics Filter configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterFilterFiltersLogToMetrics { + /// Add a custom label NAME and set the value to the value of KEY + #[serde(default, skip_serializing_if = "Option::is_none", rename = "addLabel")] + pub add_label: Option>, + /// Alias for the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub alias: Option, + /// Defines a bucket for histogram + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bucket: Option>, + /// Flag that defines if logs should be discarded after processing. This applies + /// for all logs, no matter if they have emitted metrics or not. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "discardLogs")] + pub discard_logs: Option, + /// set a buffer limit to restrict memory usage of metrics emitter + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emitterMemBufLimit")] + pub emitter_mem_buf_limit: Option, + /// Name of the emitter (advanced users) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emitterName")] + pub emitter_name: Option, + /// Optional filter for records in which the content of KEY does not matches the regular expression. + /// Value Format: FIELD REGEX + #[serde(default, skip_serializing_if = "Option::is_none")] + pub exclude: Option>, + /// If enabled, it will automatically put pod_id, pod_name, namespace_name, docker_id and container_name + /// into the metric as labels. This option is intended to be used in combination with the kubernetes filter plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesMode")] + pub kubernetes_mode: Option, + /// Includes a record field as label dimension in the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelField")] + pub label_field: Option>, + /// Sets a help text for the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricDescription")] + pub metric_description: Option, + /// Defines the mode for the metric. Valid values are [counter, gauge or histogram] + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricMode")] + pub metric_mode: Option, + /// Sets the name of the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricName")] + pub metric_name: Option, + /// Namespace of the metric + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricNamespace")] + pub metric_namespace: Option, + /// Sets a sub-system for the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricSubsystem")] + pub metric_subsystem: Option, + /// Optional filter for records in which the content of KEY matches the regular expression. + /// Value Format: FIELD REGEX + #[serde(default, skip_serializing_if = "Option::is_none")] + pub regex: Option>, + /// RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryLimit")] + pub retry_limit: Option, + /// Defines the tag for the generated metrics record + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tag: Option, + /// Specify the record field that holds a numerical value + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueField")] + pub value_field: Option, +} + /// Lua defines Lua Filter configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterFilterFiltersLua { diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs index 4a9688b11..1c4b3f50c 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs @@ -2952,6 +2952,9 @@ pub struct ClusterOutputOpentelemetry { /// Log the response payload within the Fluent Bit log. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logResponsePayload")] pub log_response_payload: Option, + /// If true, remaining unmatched keys are added as attributes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKeyAttributes")] + pub logs_body_key_attributes: Option, /// Specify an optional HTTP URI for the target web server listening for logs, e.g: /v1/logs #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsUri")] pub logs_uri: Option, @@ -4172,6 +4175,9 @@ pub struct ClusterOutputSyslog { /// and general configuration, please refer to the TLS/SSL section. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, + /// Limit the maximum number of Chunks in the filesystem for the current output logical destination. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "totalLimitSize")] + pub total_limit_size: Option, } /// Include fluentbit networking options for this output-plugin diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs index 4d1a3317a..f9f1a9312 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs @@ -47,6 +47,9 @@ pub struct FilterFilters { /// Kubernetes defines Kubernetes Filter configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubernetes: Option, + /// LogToMetrics defines a Log to Metrics Filter configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logToMetrics")] + pub log_to_metrics: Option, /// Lua defines Lua Filter configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub lua: Option, @@ -284,6 +287,69 @@ pub struct FilterFiltersKubernetes { pub use_kubelet: Option, } +/// LogToMetrics defines a Log to Metrics Filter configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FilterFiltersLogToMetrics { + /// Add a custom label NAME and set the value to the value of KEY + #[serde(default, skip_serializing_if = "Option::is_none", rename = "addLabel")] + pub add_label: Option>, + /// Alias for the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub alias: Option, + /// Defines a bucket for histogram + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bucket: Option>, + /// Flag that defines if logs should be discarded after processing. This applies + /// for all logs, no matter if they have emitted metrics or not. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "discardLogs")] + pub discard_logs: Option, + /// set a buffer limit to restrict memory usage of metrics emitter + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emitterMemBufLimit")] + pub emitter_mem_buf_limit: Option, + /// Name of the emitter (advanced users) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emitterName")] + pub emitter_name: Option, + /// Optional filter for records in which the content of KEY does not matches the regular expression. + /// Value Format: FIELD REGEX + #[serde(default, skip_serializing_if = "Option::is_none")] + pub exclude: Option>, + /// If enabled, it will automatically put pod_id, pod_name, namespace_name, docker_id and container_name + /// into the metric as labels. This option is intended to be used in combination with the kubernetes filter plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesMode")] + pub kubernetes_mode: Option, + /// Includes a record field as label dimension in the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelField")] + pub label_field: Option>, + /// Sets a help text for the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricDescription")] + pub metric_description: Option, + /// Defines the mode for the metric. Valid values are [counter, gauge or histogram] + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricMode")] + pub metric_mode: Option, + /// Sets the name of the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricName")] + pub metric_name: Option, + /// Namespace of the metric + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricNamespace")] + pub metric_namespace: Option, + /// Sets a sub-system for the metric. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricSubsystem")] + pub metric_subsystem: Option, + /// Optional filter for records in which the content of KEY matches the regular expression. + /// Value Format: FIELD REGEX + #[serde(default, skip_serializing_if = "Option::is_none")] + pub regex: Option>, + /// RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryLimit")] + pub retry_limit: Option, + /// Defines the tag for the generated metrics record + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tag: Option, + /// Specify the record field that holds a numerical value + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueField")] + pub value_field: Option, +} + /// Lua defines Lua Filter configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FilterFiltersLua { diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs index f0cca0ecd..115af6bb7 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs @@ -2953,6 +2953,9 @@ pub struct OutputOpentelemetry { /// Log the response payload within the Fluent Bit log. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logResponsePayload")] pub log_response_payload: Option, + /// If true, remaining unmatched keys are added as attributes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKeyAttributes")] + pub logs_body_key_attributes: Option, /// Specify an optional HTTP URI for the target web server listening for logs, e.g: /v1/logs #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsUri")] pub logs_uri: Option, @@ -4173,6 +4176,9 @@ pub struct OutputSyslog { /// and general configuration, please refer to the TLS/SSL section. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, + /// Limit the maximum number of Chunks in the filesystem for the current output logical destination. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "totalLimitSize")] + pub total_limit_size: Option, } /// Include fluentbit networking options for this output-plugin diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs index b98e38b08..7a0901d19 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs @@ -163,6 +163,9 @@ pub struct GRPCRouteSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentRefs")] pub parent_refs: Option>, /// Rules are a list of GRPC matchers, filters and actions. + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, } @@ -445,6 +448,13 @@ pub struct GRPCRouteRules { /// the above criteria. #[serde(default, skip_serializing_if = "Option::is_none")] pub matches: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// + /// Support: Extended + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// SessionPersistence defines and configures session persistence /// for the route rule. /// diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs index 2e6d2cf1f..c8269a78c 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs @@ -167,6 +167,9 @@ pub struct HTTPRouteSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentRefs")] pub parent_refs: Option>, /// Rules are a list of HTTP matchers, filters and actions. + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, } @@ -481,6 +484,13 @@ pub struct HTTPRouteRules { /// parent a request is coming from, a HTTP 404 status code MUST be returned. #[serde(default, skip_serializing_if = "Option::is_none")] pub matches: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// + /// Support: Extended + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// SessionPersistence defines and configures session persistence /// for the route rule. /// diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs index 2822c86c5..bcd93dc7a 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs @@ -162,6 +162,9 @@ pub struct GRPCRouteSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentRefs")] pub parent_refs: Option>, /// Rules are a list of GRPC matchers, filters and actions. + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, } @@ -444,6 +447,13 @@ pub struct GRPCRouteRules { /// the above criteria. #[serde(default, skip_serializing_if = "Option::is_none")] pub matches: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// + /// Support: Extended + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// SessionPersistence defines and configures session persistence /// for the route rule. /// diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tcproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tcproutes.rs index f4814c01b..d19e3d09d 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tcproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tcproutes.rs @@ -101,6 +101,9 @@ pub struct TCPRouteSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentRefs")] pub parent_refs: Option>, /// Rules are a list of TCP matchers and actions. + /// + /// + /// pub rules: Vec, } @@ -268,6 +271,12 @@ pub struct TCPRouteRules { /// Support for weight: Extended #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendRefs")] pub backend_refs: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// BackendRef defines how a Route should forward a request to a Kubernetes diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tlsroutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tlsroutes.rs index a5347331c..12802603f 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tlsroutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/tlsroutes.rs @@ -142,6 +142,9 @@ pub struct TLSRouteSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentRefs")] pub parent_refs: Option>, /// Rules are a list of TLS matchers and actions. + /// + /// + /// pub rules: Vec, } @@ -312,6 +315,12 @@ pub struct TLSRouteRules { /// Support for weight: Extended #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendRefs")] pub backend_refs: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// BackendRef defines how a Route should forward a request to a Kubernetes diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/udproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/udproutes.rs index a23604f41..60729e1d9 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/udproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/udproutes.rs @@ -101,6 +101,9 @@ pub struct UDPRouteSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentRefs")] pub parent_refs: Option>, /// Rules are a list of UDP matchers and actions. + /// + /// + /// pub rules: Vec, } @@ -268,6 +271,12 @@ pub struct UDPRouteRules { /// Support for weight: Extended #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendRefs")] pub backend_refs: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// BackendRef defines how a Route should forward a request to a Kubernetes diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs index 7570f5975..5597e6313 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs @@ -167,6 +167,9 @@ pub struct HTTPRouteSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentRefs")] pub parent_refs: Option>, /// Rules are a list of HTTP matchers, filters and actions. + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, } @@ -481,6 +484,13 @@ pub struct HTTPRouteRules { /// parent a request is coming from, a HTTP 404 status code MUST be returned. #[serde(default, skip_serializing_if = "Option::is_none")] pub matches: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// + /// Support: Extended + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// SessionPersistence defines and configures session persistence /// for the route rule. /// diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs index 59156cf4e..11441b7fe 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs @@ -304,7 +304,7 @@ pub struct BackupAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -315,7 +315,7 @@ pub struct BackupAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -425,7 +425,7 @@ pub struct BackupAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecuti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -436,7 +436,7 @@ pub struct BackupAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecuti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -577,7 +577,7 @@ pub struct BackupAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -588,7 +588,7 @@ pub struct BackupAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -698,7 +698,7 @@ pub struct BackupAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -709,7 +709,7 @@ pub struct BackupAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -807,9 +807,7 @@ pub struct BackupImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -838,7 +836,6 @@ pub struct BackupMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -888,12 +885,10 @@ pub struct BackupPodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -943,15 +938,24 @@ pub struct BackupPodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -1019,7 +1023,6 @@ pub struct BackupPodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1070,11 +1073,9 @@ pub struct BackupResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1097,6 +1098,11 @@ pub struct BackupResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// BackupSpec defines the desired state of Backup @@ -1146,7 +1152,7 @@ pub struct BackupSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -1269,7 +1275,6 @@ pub struct BackupSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1386,7 +1391,7 @@ pub struct BackupStoragePersistentVolumeClaim { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -1545,9 +1550,7 @@ pub struct BackupStorageS3AccessKeyIdSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1564,9 +1567,7 @@ pub struct BackupStorageS3SecretAccessKeySecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1583,9 +1584,7 @@ pub struct BackupStorageS3SessionTokenSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1615,9 +1614,7 @@ pub struct BackupStorageS3TlsCaSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1663,7 +1660,6 @@ pub struct BackupStorageVolume { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -1674,17 +1670,14 @@ pub struct BackupStorageVolume { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1719,11 +1712,24 @@ pub struct BackupStorageVolume { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -1778,7 +1784,6 @@ pub struct BackupStorageVolumeAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -1874,9 +1879,7 @@ pub struct BackupStorageVolumeCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1914,9 +1917,7 @@ pub struct BackupStorageVolumeCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1946,9 +1947,7 @@ pub struct BackupStorageVolumeConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2015,9 +2014,7 @@ pub struct BackupStorageVolumeCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2111,7 +2108,6 @@ pub struct BackupStorageVolumeEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -2122,17 +2118,14 @@ pub struct BackupStorageVolumeEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2145,7 +2138,6 @@ pub struct BackupStorageVolumeEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -2155,11 +2147,9 @@ pub struct BackupStorageVolumeEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -2173,7 +2163,6 @@ pub struct BackupStorageVolumeEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -2183,11 +2172,9 @@ pub struct BackupStorageVolumeEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupStorageVolumeEphemeralVolumeClaimTemplate { @@ -2280,7 +2267,7 @@ pub struct BackupStorageVolumeEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -2409,7 +2396,6 @@ pub struct BackupStorageVolumeFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -2466,9 +2452,7 @@ pub struct BackupStorageVolumeFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2494,7 +2478,6 @@ pub struct BackupStorageVolumeGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -2556,9 +2539,6 @@ pub struct BackupStorageVolumeGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupStorageVolumeHostPath { /// path of the directory on the host. @@ -2572,6 +2552,39 @@ pub struct BackupStorageVolumeHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackupStorageVolumeImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -2587,7 +2600,6 @@ pub struct BackupStorageVolumeIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -2627,9 +2639,7 @@ pub struct BackupStorageVolumeIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2707,25 +2717,24 @@ pub struct BackupStorageVolumeProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupStorageVolumeProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -2750,14 +2759,11 @@ pub struct BackupStorageVolumeProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -2840,9 +2846,7 @@ pub struct BackupStorageVolumeProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2941,9 +2945,7 @@ pub struct BackupStorageVolumeProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -3028,7 +3030,6 @@ pub struct BackupStorageVolumeRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -3075,9 +3076,7 @@ pub struct BackupStorageVolumeRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3130,9 +3129,7 @@ pub struct BackupStorageVolumeScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3226,9 +3223,7 @@ pub struct BackupStorageVolumeStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs index 2e757b398..e7e6aa835 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/connections.rs @@ -82,7 +82,6 @@ pub struct ConnectionMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -123,7 +122,6 @@ pub struct ConnectionMaxScaleRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -158,9 +156,7 @@ pub struct ConnectionPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/databases.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/databases.rs index a19fce54b..dd7797434 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/databases.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/databases.rs @@ -22,6 +22,9 @@ pub struct DatabaseSpec { /// CharacterSet to use in the Database. #[serde(default, skip_serializing_if = "Option::is_none", rename = "characterSet")] pub character_set: Option, + /// CleanupPolicy defines the behavior for cleaning up a SQL resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cleanupPolicy")] + pub cleanup_policy: Option, /// Collate to use in the Database. #[serde(default, skip_serializing_if = "Option::is_none")] pub collate: Option, @@ -39,6 +42,13 @@ pub struct DatabaseSpec { pub retry_interval: Option, } +/// DatabaseSpec defines the desired state of Database +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum DatabaseCleanupPolicy { + Skip, + Delete, +} + /// MariaDBRef is a reference to a MariaDB object. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatabaseMariaDbRef { @@ -52,7 +62,6 @@ pub struct DatabaseMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/grants.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/grants.rs index 384b46f16..fb05b2194 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/grants.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/grants.rs @@ -19,6 +19,9 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct GrantSpec { + /// CleanupPolicy defines the behavior for cleaning up a SQL resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cleanupPolicy")] + pub cleanup_policy: Option, /// Database to use in the Grant. #[serde(default, skip_serializing_if = "Option::is_none")] pub database: Option, @@ -46,6 +49,13 @@ pub struct GrantSpec { pub username: String, } +/// GrantSpec defines the desired state of Grant +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum GrantCleanupPolicy { + Skip, + Delete, +} + /// MariaDBRef is a reference to a MariaDB object. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrantMariaDbRef { @@ -59,7 +69,6 @@ pub struct GrantMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs index fa8e5acd8..428f5f156 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs @@ -33,10 +33,12 @@ pub struct MariaDBSpec { /// Command to be used in the Container. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, - /// Connection defines templates to configure the general Connection object. + /// Connection defines a template to configure the general Connection object. + /// This Connection provides the initial User access to the initial Database. + /// It will make use of the Service to route network traffic to all Pods. #[serde(default, skip_serializing_if = "Option::is_none")] pub connection: Option, - /// Database is the initial database to be created by the operator once MariaDB is ready. + /// Database is the name of the initial Database. #[serde(default, skip_serializing_if = "Option::is_none")] pub database: Option, /// Env represents the environment variables to be injected in a container. @@ -90,7 +92,14 @@ pub struct MariaDBSpec { /// NodeSelector to be used in the Pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// PasswordSecretKeyRef is a reference to a Secret that contains the password for the initial user. + /// PasswordHashSecretKeyRef is a reference to the password hash to be used by the initial User. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordHashSecretKeyRef")] + pub password_hash_secret_key_ref: Option, + /// PasswordPlugin is a reference to the password plugin and arguments to be used by the initial User. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordPlugin")] + pub password_plugin: Option, + /// PasswordSecretKeyRef is a reference to a Secret that contains the password to be used by the initial User. /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordSecretKeyRef")] pub password_secret_key_ref: Option, @@ -106,10 +115,13 @@ pub struct MariaDBSpec { /// Port where the instances will be listening for connections. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, - /// PrimaryConnection defines templates to configure the primary Connection object. + /// PrimaryConnection defines a template to configure the primary Connection object. + /// This Connection provides the initial User access to the initial Database. + /// It will make use of the PrimaryService to route network traffic to the primary Pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "primaryConnection")] pub primary_connection: Option, - /// PrimaryService defines templates to configure the primary Service object. + /// PrimaryService defines a template to configure the primary Service object. + /// The network traffic of this Service will be routed to the primary Pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "primaryService")] pub primary_service: Option, /// PriorityClassName to be used in the Pod. @@ -136,16 +148,20 @@ pub struct MariaDBSpec { /// RootPasswordSecretKeyRef is a reference to a Secret key containing the root password. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootPasswordSecretKeyRef")] pub root_password_secret_key_ref: Option, - /// SecondaryConnection defines templates to configure the secondary Connection object. + /// SecondaryConnection defines a template to configure the secondary Connection object. + /// This Connection provides the initial User access to the initial Database. + /// It will make use of the SecondaryService to route network traffic to the secondary Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secondaryConnection")] pub secondary_connection: Option, - /// SecondaryService defines templates to configure the secondary Service object. + /// SecondaryService defines a template to configure the secondary Service object. + /// The network traffic of this Service will be routed to the secondary Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secondaryService")] pub secondary_service: Option, /// SecurityContext holds security configuration that will be applied to a container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, - /// Service defines templates to configure the general Service object. + /// Service defines a template to configure the general Service object. + /// The network traffic of this Service will be routed to all Pods. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, /// ServiceAccountName is the name of the ServiceAccount to be used by the Pods. @@ -174,6 +190,7 @@ pub struct MariaDBSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStrategy")] pub update_strategy: Option, /// Username is the initial username to be created by the operator once MariaDB is ready. It has all privileges on the initial database. + /// The initial User will have ALL PRIVILEGES in the initial Database. #[serde(default, skip_serializing_if = "Option::is_none")] pub username: Option, /// VolumeMounts to be used in the Container. @@ -394,7 +411,7 @@ pub struct MariaDBAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -405,7 +422,7 @@ pub struct MariaDBAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -515,7 +532,7 @@ pub struct MariaDBAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -526,7 +543,7 @@ pub struct MariaDBAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -667,7 +684,7 @@ pub struct MariaDBAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -678,7 +695,7 @@ pub struct MariaDBAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -788,7 +805,7 @@ pub struct MariaDBAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -799,7 +816,7 @@ pub struct MariaDBAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -917,9 +934,7 @@ pub struct MariaDBBootstrapFromBackupRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1151,7 +1166,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1162,7 +1177,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1272,7 +1287,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1283,7 +1298,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1424,7 +1439,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1435,7 +1450,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1545,7 +1560,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1556,7 +1571,7 @@ pub struct MariaDBBootstrapFromRestoreJobAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1663,11 +1678,9 @@ pub struct MariaDBBootstrapFromRestoreJobResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1690,6 +1703,11 @@ pub struct MariaDBBootstrapFromRestoreJobResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. @@ -1728,9 +1746,7 @@ pub struct MariaDBBootstrapFromS3AccessKeyIdSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1747,9 +1763,7 @@ pub struct MariaDBBootstrapFromS3SecretAccessKeySecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1766,9 +1780,7 @@ pub struct MariaDBBootstrapFromS3SessionTokenSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1798,9 +1810,7 @@ pub struct MariaDBBootstrapFromS3TlsCaSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1846,7 +1856,6 @@ pub struct MariaDBBootstrapFromVolume { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -1857,17 +1866,14 @@ pub struct MariaDBBootstrapFromVolume { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1902,11 +1908,24 @@ pub struct MariaDBBootstrapFromVolume { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -1961,7 +1980,6 @@ pub struct MariaDBBootstrapFromVolumeAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -2057,9 +2075,7 @@ pub struct MariaDBBootstrapFromVolumeCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2097,9 +2113,7 @@ pub struct MariaDBBootstrapFromVolumeCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2129,9 +2143,7 @@ pub struct MariaDBBootstrapFromVolumeConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2198,9 +2210,7 @@ pub struct MariaDBBootstrapFromVolumeCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2294,7 +2304,6 @@ pub struct MariaDBBootstrapFromVolumeEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -2305,17 +2314,14 @@ pub struct MariaDBBootstrapFromVolumeEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2328,7 +2334,6 @@ pub struct MariaDBBootstrapFromVolumeEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -2338,11 +2343,9 @@ pub struct MariaDBBootstrapFromVolumeEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -2356,7 +2359,6 @@ pub struct MariaDBBootstrapFromVolumeEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -2366,11 +2368,9 @@ pub struct MariaDBBootstrapFromVolumeEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBBootstrapFromVolumeEphemeralVolumeClaimTemplate { @@ -2463,7 +2463,7 @@ pub struct MariaDBBootstrapFromVolumeEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -2592,7 +2592,6 @@ pub struct MariaDBBootstrapFromVolumeFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -2649,9 +2648,7 @@ pub struct MariaDBBootstrapFromVolumeFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2677,7 +2674,6 @@ pub struct MariaDBBootstrapFromVolumeGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -2739,9 +2735,6 @@ pub struct MariaDBBootstrapFromVolumeGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBBootstrapFromVolumeHostPath { /// path of the directory on the host. @@ -2755,6 +2748,39 @@ pub struct MariaDBBootstrapFromVolumeHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBBootstrapFromVolumeImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -2770,7 +2796,6 @@ pub struct MariaDBBootstrapFromVolumeIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -2810,9 +2835,7 @@ pub struct MariaDBBootstrapFromVolumeIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2890,25 +2913,24 @@ pub struct MariaDBBootstrapFromVolumeProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBBootstrapFromVolumeProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -2933,14 +2955,11 @@ pub struct MariaDBBootstrapFromVolumeProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -3023,9 +3042,7 @@ pub struct MariaDBBootstrapFromVolumeProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -3124,9 +3141,7 @@ pub struct MariaDBBootstrapFromVolumeProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -3211,7 +3226,6 @@ pub struct MariaDBBootstrapFromVolumeRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -3258,9 +3272,7 @@ pub struct MariaDBBootstrapFromVolumeRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3313,9 +3325,7 @@ pub struct MariaDBBootstrapFromVolumeScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3409,9 +3419,7 @@ pub struct MariaDBBootstrapFromVolumeStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3435,7 +3443,9 @@ pub struct MariaDBBootstrapFromVolumeVsphereVolume { pub volume_path: String, } -/// Connection defines templates to configure the general Connection object. +/// Connection defines a template to configure the general Connection object. +/// This Connection provides the initial User access to the initial Database. +/// It will make use of the Service to route network traffic to all Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBConnection { /// HealthCheck to be used in the Connection. @@ -3558,9 +3568,7 @@ pub struct MariaDBEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3603,9 +3611,7 @@ pub struct MariaDBEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3634,9 +3640,7 @@ pub struct MariaDBEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3651,9 +3655,7 @@ pub struct MariaDBEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3803,9 +3805,7 @@ pub struct MariaDBGaleraAgentEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3848,9 +3848,7 @@ pub struct MariaDBGaleraAgentEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3879,9 +3877,7 @@ pub struct MariaDBGaleraAgentEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3896,9 +3892,7 @@ pub struct MariaDBGaleraAgentEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3996,7 +3990,6 @@ pub struct MariaDBGaleraAgentLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4117,7 +4110,6 @@ pub struct MariaDBGaleraAgentReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4174,11 +4166,9 @@ pub struct MariaDBGaleraAgentResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4201,6 +4191,11 @@ pub struct MariaDBGaleraAgentResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -4232,7 +4227,7 @@ pub struct MariaDBGaleraAgentSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4355,7 +4350,6 @@ pub struct MariaDBGaleraAgentSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4415,10 +4409,8 @@ pub struct MariaDBGaleraAgentVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -4426,11 +4418,9 @@ pub struct MariaDBGaleraAgentVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4528,7 +4518,7 @@ pub struct MariaDBGaleraConfigVolumeClaimTemplate { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -4748,9 +4738,7 @@ pub struct MariaDBGaleraInitContainerEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4793,9 +4781,7 @@ pub struct MariaDBGaleraInitContainerEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4824,9 +4810,7 @@ pub struct MariaDBGaleraInitContainerEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -4841,9 +4825,7 @@ pub struct MariaDBGaleraInitContainerEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4929,7 +4911,6 @@ pub struct MariaDBGaleraInitContainerLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5050,7 +5031,6 @@ pub struct MariaDBGaleraInitContainerReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5107,11 +5087,9 @@ pub struct MariaDBGaleraInitContainerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5134,6 +5112,11 @@ pub struct MariaDBGaleraInitContainerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -5165,7 +5148,7 @@ pub struct MariaDBGaleraInitContainerSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -5288,7 +5271,6 @@ pub struct MariaDBGaleraInitContainerSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5348,10 +5330,8 @@ pub struct MariaDBGaleraInitContainerVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5359,11 +5339,9 @@ pub struct MariaDBGaleraInitContainerVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5606,7 +5584,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAffinityPreferredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5617,7 +5595,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAffinityPreferredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5727,7 +5705,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAffinityRequiredDuringSchedulingIgnore /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5738,7 +5716,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAffinityRequiredDuringSchedulingIgnore /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5879,7 +5857,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAntiAffinityPreferredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5890,7 +5868,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAntiAffinityPreferredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -6000,7 +5978,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAntiAffinityRequiredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -6011,7 +5989,7 @@ pub struct MariaDBGaleraInitJobAffinityPodAntiAffinityRequiredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -6118,11 +6096,9 @@ pub struct MariaDBGaleraInitJobResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6145,6 +6121,11 @@ pub struct MariaDBGaleraInitJobResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Primary is the Galera configuration for the primary node. @@ -6225,11 +6206,9 @@ pub struct MariaDBGaleraRecoveryJobResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6252,6 +6231,11 @@ pub struct MariaDBGaleraRecoveryJobResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Replication configures high availability via Galera. @@ -6281,9 +6265,7 @@ pub struct MariaDBImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6385,9 +6367,7 @@ pub struct MariaDBInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6430,9 +6410,7 @@ pub struct MariaDBInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6461,9 +6439,7 @@ pub struct MariaDBInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -6478,9 +6454,7 @@ pub struct MariaDBInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -6566,7 +6540,6 @@ pub struct MariaDBInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -6687,7 +6660,6 @@ pub struct MariaDBInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -6744,11 +6716,9 @@ pub struct MariaDBInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6771,6 +6741,11 @@ pub struct MariaDBInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -6802,7 +6777,7 @@ pub struct MariaDBInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -6925,7 +6900,6 @@ pub struct MariaDBInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -6985,10 +6959,8 @@ pub struct MariaDBInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -6996,11 +6968,9 @@ pub struct MariaDBInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -7086,7 +7056,6 @@ pub struct MariaDBLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -7288,9 +7257,7 @@ pub struct MariaDBMaxScaleAuthAdminPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7311,9 +7278,7 @@ pub struct MariaDBMaxScaleAuthClientPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7334,9 +7299,7 @@ pub struct MariaDBMaxScaleAuthMetricsPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7357,9 +7320,7 @@ pub struct MariaDBMaxScaleAuthMonitorPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7380,9 +7341,7 @@ pub struct MariaDBMaxScaleAuthServerPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7403,9 +7362,7 @@ pub struct MariaDBMaxScaleAuthSyncPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7513,7 +7470,7 @@ pub struct MariaDBMaxScaleConfigVolumeClaimTemplate { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -8124,7 +8081,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -8135,7 +8092,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -8245,7 +8202,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -8256,7 +8213,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -8397,7 +8354,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -8408,7 +8365,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -8518,7 +8475,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -8529,7 +8486,7 @@ pub struct MariaDBMaxScaleMetricsExporterAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -8668,9 +8625,7 @@ pub struct MariaDBMaxScaleMetricsExporterEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8713,9 +8668,7 @@ pub struct MariaDBMaxScaleMetricsExporterEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8744,9 +8697,7 @@ pub struct MariaDBMaxScaleMetricsExporterEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -8761,9 +8712,7 @@ pub struct MariaDBMaxScaleMetricsExporterEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -8787,9 +8736,7 @@ pub struct MariaDBMaxScaleMetricsExporterImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -8880,9 +8827,7 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersEnvValueFromConfigMapKeyR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8925,9 +8870,7 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersEnvValueFromSecretKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8956,9 +8899,7 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -8973,9 +8914,7 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -9061,7 +9000,6 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9182,7 +9120,6 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9239,11 +9176,9 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -9266,6 +9201,11 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -9297,7 +9237,7 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -9420,7 +9360,6 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersSecurityContextSeccompPro /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -9480,10 +9419,8 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -9491,11 +9428,9 @@ pub struct MariaDBMaxScaleMetricsExporterInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -9581,7 +9516,6 @@ pub struct MariaDBMaxScaleMetricsExporterLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9654,12 +9588,10 @@ pub struct MariaDBMaxScaleMetricsExporterPodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -9709,15 +9641,24 @@ pub struct MariaDBMaxScaleMetricsExporterPodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -9785,7 +9726,6 @@ pub struct MariaDBMaxScaleMetricsExporterPodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -9900,7 +9840,6 @@ pub struct MariaDBMaxScaleMetricsExporterReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9957,11 +9896,9 @@ pub struct MariaDBMaxScaleMetricsExporterResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -9984,6 +9921,11 @@ pub struct MariaDBMaxScaleMetricsExporterResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -10015,7 +9957,7 @@ pub struct MariaDBMaxScaleMetricsExporterSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -10138,7 +10080,6 @@ pub struct MariaDBMaxScaleMetricsExporterSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -10260,9 +10201,7 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersEnvValueFromConfigMapK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -10305,9 +10244,7 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersEnvValueFromSecretKeyR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10336,9 +10273,7 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -10353,9 +10288,7 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -10441,7 +10374,6 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -10562,7 +10494,6 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -10619,11 +10550,9 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -10646,6 +10575,11 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -10677,7 +10611,7 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -10800,7 +10734,6 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersSecurityContextSeccomp /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -10860,10 +10793,8 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -10871,11 +10802,9 @@ pub struct MariaDBMaxScaleMetricsExporterSidecarContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -10938,7 +10867,6 @@ pub struct MariaDBMaxScaleMetricsExporterTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -10972,7 +10900,6 @@ pub struct MariaDBMaxScaleMetricsExporterTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -10988,7 +10915,6 @@ pub struct MariaDBMaxScaleMetricsExporterTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -10999,7 +10925,6 @@ pub struct MariaDBMaxScaleMetricsExporterTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -11094,10 +11019,8 @@ pub struct MariaDBMaxScaleMetricsExporterVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -11105,11 +11028,9 @@ pub struct MariaDBMaxScaleMetricsExporterVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -11163,7 +11084,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -11174,17 +11094,14 @@ pub struct MariaDBMaxScaleMetricsExporterVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -11219,11 +11136,24 @@ pub struct MariaDBMaxScaleMetricsExporterVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -11282,7 +11212,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -11378,9 +11307,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11418,9 +11345,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11450,9 +11375,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -11519,9 +11442,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11615,7 +11536,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -11626,17 +11546,14 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -11649,7 +11566,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -11659,11 +11575,9 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -11677,7 +11591,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -11687,11 +11600,9 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleMetricsExporterVolumesEphemeralVolumeClaimTemplate { @@ -11784,7 +11695,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesEphemeralVolumeClaimTemplateSpec /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -11913,7 +11824,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -11970,9 +11880,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11998,7 +11906,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -12060,9 +11967,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleMetricsExporterVolumesHostPath { /// path of the directory on the host. @@ -12076,6 +11980,39 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBMaxScaleMetricsExporterVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -12091,7 +12028,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -12131,9 +12067,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -12211,25 +12145,24 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMaxScaleMetricsExporterVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -12254,14 +12187,11 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -12344,9 +12274,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -12445,9 +12373,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -12532,7 +12458,6 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -12579,9 +12504,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -12634,9 +12557,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -12730,9 +12651,7 @@ pub struct MariaDBMaxScaleMetricsExporterVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -12857,8 +12776,7 @@ pub struct MariaDBMaxScaleServicesListener { #[serde(default, skip_serializing_if = "Option::is_none")] pub params: Option>, /// Port is the network port where the MaxScale server will listen. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub port: i32, /// Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol. #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, @@ -12923,7 +12841,6 @@ pub struct MariaDBMaxScaleRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -13257,7 +13174,7 @@ pub struct MariaDBMetricsExporterAffinityPodAffinityPreferredDuringSchedulingIgn /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -13268,7 +13185,7 @@ pub struct MariaDBMetricsExporterAffinityPodAffinityPreferredDuringSchedulingIgn /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -13378,7 +13295,7 @@ pub struct MariaDBMetricsExporterAffinityPodAffinityRequiredDuringSchedulingIgno /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -13389,7 +13306,7 @@ pub struct MariaDBMetricsExporterAffinityPodAffinityRequiredDuringSchedulingIgno /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -13530,7 +13447,7 @@ pub struct MariaDBMetricsExporterAffinityPodAntiAffinityPreferredDuringSchedulin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -13541,7 +13458,7 @@ pub struct MariaDBMetricsExporterAffinityPodAntiAffinityPreferredDuringSchedulin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -13651,7 +13568,7 @@ pub struct MariaDBMetricsExporterAffinityPodAntiAffinityRequiredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -13662,7 +13579,7 @@ pub struct MariaDBMetricsExporterAffinityPodAntiAffinityRequiredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -13801,9 +13718,7 @@ pub struct MariaDBMetricsExporterEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -13846,9 +13761,7 @@ pub struct MariaDBMetricsExporterEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -13877,9 +13790,7 @@ pub struct MariaDBMetricsExporterEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -13894,9 +13805,7 @@ pub struct MariaDBMetricsExporterEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -13920,9 +13829,7 @@ pub struct MariaDBMetricsExporterImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -14013,9 +13920,7 @@ pub struct MariaDBMetricsExporterInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -14058,9 +13963,7 @@ pub struct MariaDBMetricsExporterInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -14089,9 +13992,7 @@ pub struct MariaDBMetricsExporterInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -14106,9 +14007,7 @@ pub struct MariaDBMetricsExporterInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -14194,7 +14093,6 @@ pub struct MariaDBMetricsExporterInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -14315,7 +14213,6 @@ pub struct MariaDBMetricsExporterInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -14372,11 +14269,9 @@ pub struct MariaDBMetricsExporterInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -14399,6 +14294,11 @@ pub struct MariaDBMetricsExporterInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -14430,7 +14330,7 @@ pub struct MariaDBMetricsExporterInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -14553,7 +14453,6 @@ pub struct MariaDBMetricsExporterInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -14613,10 +14512,8 @@ pub struct MariaDBMetricsExporterInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -14624,11 +14521,9 @@ pub struct MariaDBMetricsExporterInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -14714,7 +14609,6 @@ pub struct MariaDBMetricsExporterLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -14787,12 +14681,10 @@ pub struct MariaDBMetricsExporterPodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -14842,15 +14734,24 @@ pub struct MariaDBMetricsExporterPodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -14918,7 +14819,6 @@ pub struct MariaDBMetricsExporterPodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -15033,7 +14933,6 @@ pub struct MariaDBMetricsExporterReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -15090,11 +14989,9 @@ pub struct MariaDBMetricsExporterResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -15117,6 +15014,11 @@ pub struct MariaDBMetricsExporterResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -15148,7 +15050,7 @@ pub struct MariaDBMetricsExporterSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -15271,7 +15173,6 @@ pub struct MariaDBMetricsExporterSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -15393,9 +15294,7 @@ pub struct MariaDBMetricsExporterSidecarContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -15438,9 +15337,7 @@ pub struct MariaDBMetricsExporterSidecarContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -15469,9 +15366,7 @@ pub struct MariaDBMetricsExporterSidecarContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -15486,9 +15381,7 @@ pub struct MariaDBMetricsExporterSidecarContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -15574,7 +15467,6 @@ pub struct MariaDBMetricsExporterSidecarContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -15695,7 +15587,6 @@ pub struct MariaDBMetricsExporterSidecarContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -15752,11 +15643,9 @@ pub struct MariaDBMetricsExporterSidecarContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -15779,6 +15668,11 @@ pub struct MariaDBMetricsExporterSidecarContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -15810,7 +15704,7 @@ pub struct MariaDBMetricsExporterSidecarContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -15933,7 +15827,6 @@ pub struct MariaDBMetricsExporterSidecarContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -15993,10 +15886,8 @@ pub struct MariaDBMetricsExporterSidecarContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -16004,11 +15895,9 @@ pub struct MariaDBMetricsExporterSidecarContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -16071,7 +15960,6 @@ pub struct MariaDBMetricsExporterTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -16105,7 +15993,6 @@ pub struct MariaDBMetricsExporterTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -16121,7 +16008,6 @@ pub struct MariaDBMetricsExporterTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -16132,7 +16018,6 @@ pub struct MariaDBMetricsExporterTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -16227,10 +16112,8 @@ pub struct MariaDBMetricsExporterVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -16238,11 +16121,9 @@ pub struct MariaDBMetricsExporterVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -16296,7 +16177,6 @@ pub struct MariaDBMetricsExporterVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -16307,17 +16187,14 @@ pub struct MariaDBMetricsExporterVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -16352,11 +16229,24 @@ pub struct MariaDBMetricsExporterVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -16415,7 +16305,6 @@ pub struct MariaDBMetricsExporterVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -16511,9 +16400,7 @@ pub struct MariaDBMetricsExporterVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -16551,9 +16438,7 @@ pub struct MariaDBMetricsExporterVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -16583,9 +16468,7 @@ pub struct MariaDBMetricsExporterVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -16652,9 +16535,7 @@ pub struct MariaDBMetricsExporterVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -16748,7 +16629,6 @@ pub struct MariaDBMetricsExporterVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -16759,17 +16639,14 @@ pub struct MariaDBMetricsExporterVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -16782,7 +16659,6 @@ pub struct MariaDBMetricsExporterVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -16792,11 +16668,9 @@ pub struct MariaDBMetricsExporterVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -16810,7 +16684,6 @@ pub struct MariaDBMetricsExporterVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -16820,11 +16693,9 @@ pub struct MariaDBMetricsExporterVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMetricsExporterVolumesEphemeralVolumeClaimTemplate { @@ -16917,7 +16788,7 @@ pub struct MariaDBMetricsExporterVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -17046,7 +16917,6 @@ pub struct MariaDBMetricsExporterVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -17103,9 +16973,7 @@ pub struct MariaDBMetricsExporterVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -17131,7 +16999,6 @@ pub struct MariaDBMetricsExporterVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -17193,9 +17060,6 @@ pub struct MariaDBMetricsExporterVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMetricsExporterVolumesHostPath { /// path of the directory on the host. @@ -17209,6 +17073,39 @@ pub struct MariaDBMetricsExporterVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBMetricsExporterVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -17224,7 +17121,6 @@ pub struct MariaDBMetricsExporterVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -17264,9 +17160,7 @@ pub struct MariaDBMetricsExporterVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -17344,25 +17238,24 @@ pub struct MariaDBMetricsExporterVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBMetricsExporterVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -17387,14 +17280,11 @@ pub struct MariaDBMetricsExporterVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -17477,9 +17367,7 @@ pub struct MariaDBMetricsExporterVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -17578,9 +17466,7 @@ pub struct MariaDBMetricsExporterVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -17665,7 +17551,6 @@ pub struct MariaDBMetricsExporterVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -17712,9 +17597,7 @@ pub struct MariaDBMetricsExporterVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -17767,9 +17650,7 @@ pub struct MariaDBMetricsExporterVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -17863,9 +17744,7 @@ pub struct MariaDBMetricsExporterVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -17902,9 +17781,7 @@ pub struct MariaDBMetricsPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -17940,9 +17817,7 @@ pub struct MariaDBMyCnfConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -17950,7 +17825,74 @@ pub struct MariaDBMyCnfConfigMapKeyRef { pub optional: Option, } -/// PasswordSecretKeyRef is a reference to a Secret that contains the password for the initial user. +/// PasswordHashSecretKeyRef is a reference to the password hash to be used by the initial User. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBPasswordHashSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// PasswordPlugin is a reference to the password plugin and arguments to be used by the initial User. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBPasswordPlugin { + /// PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginArgSecretKeyRef")] + pub plugin_arg_secret_key_ref: Option, + /// PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginNameSecretKeyRef")] + pub plugin_name_secret_key_ref: Option, +} + +/// PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBPasswordPluginPluginArgSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBPasswordPluginPluginNameSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// PasswordSecretKeyRef is a reference to a Secret that contains the password to be used by the initial User. /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBPasswordSecretKeyRef { @@ -17963,9 +17905,7 @@ pub struct MariaDBPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -18006,12 +17946,10 @@ pub struct MariaDBPodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -18061,15 +17999,24 @@ pub struct MariaDBPodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -18137,7 +18084,6 @@ pub struct MariaDBPodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -18182,7 +18128,9 @@ pub struct MariaDBPodSecurityContextWindowsOptions { pub run_as_user_name: Option, } -/// PrimaryConnection defines templates to configure the primary Connection object. +/// PrimaryConnection defines a template to configure the primary Connection object. +/// This Connection provides the initial User access to the initial Database. +/// It will make use of the PrimaryService to route network traffic to the primary Pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBPrimaryConnection { /// HealthCheck to be used in the Connection. @@ -18256,7 +18204,8 @@ pub struct MariaDBPrimaryConnectionSecretTemplateMetadata { pub labels: Option>, } -/// PrimaryService defines templates to configure the primary Service object. +/// PrimaryService defines a template to configure the primary Service object. +/// The network traffic of this Service will be routed to the primary Pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBPrimaryService { /// AllocateLoadBalancerNodePorts Service field. @@ -18293,7 +18242,8 @@ pub struct MariaDBPrimaryServiceMetadata { pub labels: Option>, } -/// PrimaryService defines templates to configure the primary Service object. +/// PrimaryService defines a template to configure the primary Service object. +/// The network traffic of this Service will be routed to the primary Pod. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum MariaDBPrimaryServiceType { #[serde(rename = "ClusterIP")] @@ -18372,7 +18322,6 @@ pub struct MariaDBReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -18502,9 +18451,7 @@ pub struct MariaDBReplicationReplicaReplPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -18525,11 +18472,9 @@ pub struct MariaDBResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -18552,6 +18497,11 @@ pub struct MariaDBResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// RootPasswordSecretKeyRef is a reference to a Secret key containing the root password. @@ -18566,9 +18516,7 @@ pub struct MariaDBRootPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -18576,7 +18524,9 @@ pub struct MariaDBRootPasswordSecretKeyRef { pub optional: Option, } -/// SecondaryConnection defines templates to configure the secondary Connection object. +/// SecondaryConnection defines a template to configure the secondary Connection object. +/// This Connection provides the initial User access to the initial Database. +/// It will make use of the SecondaryService to route network traffic to the secondary Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBSecondaryConnection { /// HealthCheck to be used in the Connection. @@ -18650,7 +18600,8 @@ pub struct MariaDBSecondaryConnectionSecretTemplateMetadata { pub labels: Option>, } -/// SecondaryService defines templates to configure the secondary Service object. +/// SecondaryService defines a template to configure the secondary Service object. +/// The network traffic of this Service will be routed to the secondary Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBSecondaryService { /// AllocateLoadBalancerNodePorts Service field. @@ -18687,7 +18638,8 @@ pub struct MariaDBSecondaryServiceMetadata { pub labels: Option>, } -/// SecondaryService defines templates to configure the secondary Service object. +/// SecondaryService defines a template to configure the secondary Service object. +/// The network traffic of this Service will be routed to the secondary Pods. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum MariaDBSecondaryServiceType { #[serde(rename = "ClusterIP")] @@ -18725,7 +18677,7 @@ pub struct MariaDBSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -18848,7 +18800,6 @@ pub struct MariaDBSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -18884,7 +18835,8 @@ pub struct MariaDBSecurityContextWindowsOptions { pub run_as_user_name: Option, } -/// Service defines templates to configure the general Service object. +/// Service defines a template to configure the general Service object. +/// The network traffic of this Service will be routed to all Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBService { /// AllocateLoadBalancerNodePorts Service field. @@ -18921,7 +18873,8 @@ pub struct MariaDBServiceMetadata { pub labels: Option>, } -/// Service defines templates to configure the general Service object. +/// Service defines a template to configure the general Service object. +/// The network traffic of this Service will be routed to all Pods. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum MariaDBServiceType { #[serde(rename = "ClusterIP")] @@ -19016,9 +18969,7 @@ pub struct MariaDBSidecarContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -19061,9 +19012,7 @@ pub struct MariaDBSidecarContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -19092,9 +19041,7 @@ pub struct MariaDBSidecarContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -19109,9 +19056,7 @@ pub struct MariaDBSidecarContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -19197,7 +19142,6 @@ pub struct MariaDBSidecarContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -19318,7 +19262,6 @@ pub struct MariaDBSidecarContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -19375,11 +19318,9 @@ pub struct MariaDBSidecarContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -19402,6 +19343,11 @@ pub struct MariaDBSidecarContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -19433,7 +19379,7 @@ pub struct MariaDBSidecarContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -19556,7 +19502,6 @@ pub struct MariaDBSidecarContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -19616,10 +19561,8 @@ pub struct MariaDBSidecarContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -19627,11 +19570,9 @@ pub struct MariaDBSidecarContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -19743,7 +19684,7 @@ pub struct MariaDBStorageVolumeClaimTemplate { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -19924,7 +19865,6 @@ pub struct MariaDBTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -19958,7 +19898,6 @@ pub struct MariaDBTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -19974,7 +19913,6 @@ pub struct MariaDBTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -19985,7 +19923,6 @@ pub struct MariaDBTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -20119,10 +20056,8 @@ pub struct MariaDBVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -20130,11 +20065,9 @@ pub struct MariaDBVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -20188,7 +20121,6 @@ pub struct MariaDBVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -20199,17 +20131,14 @@ pub struct MariaDBVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -20244,11 +20173,24 @@ pub struct MariaDBVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -20307,7 +20249,6 @@ pub struct MariaDBVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -20403,9 +20344,7 @@ pub struct MariaDBVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -20443,9 +20382,7 @@ pub struct MariaDBVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -20475,9 +20412,7 @@ pub struct MariaDBVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -20544,9 +20479,7 @@ pub struct MariaDBVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -20640,7 +20573,6 @@ pub struct MariaDBVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -20651,17 +20583,14 @@ pub struct MariaDBVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -20674,7 +20603,6 @@ pub struct MariaDBVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -20684,11 +20612,9 @@ pub struct MariaDBVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -20702,7 +20628,6 @@ pub struct MariaDBVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -20712,11 +20637,9 @@ pub struct MariaDBVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBVolumesEphemeralVolumeClaimTemplate { @@ -20809,7 +20732,7 @@ pub struct MariaDBVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -20938,7 +20861,6 @@ pub struct MariaDBVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -20995,9 +20917,7 @@ pub struct MariaDBVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -21023,7 +20943,6 @@ pub struct MariaDBVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -21085,9 +21004,6 @@ pub struct MariaDBVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBVolumesHostPath { /// path of the directory on the host. @@ -21101,6 +21017,39 @@ pub struct MariaDBVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MariaDBVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -21116,7 +21065,6 @@ pub struct MariaDBVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -21156,9 +21104,7 @@ pub struct MariaDBVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -21236,25 +21182,24 @@ pub struct MariaDBVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MariaDBVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -21279,14 +21224,11 @@ pub struct MariaDBVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -21369,9 +21311,7 @@ pub struct MariaDBVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -21470,9 +21410,7 @@ pub struct MariaDBVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -21557,7 +21495,6 @@ pub struct MariaDBVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -21604,9 +21541,7 @@ pub struct MariaDBVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -21659,9 +21594,7 @@ pub struct MariaDBVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -21755,9 +21688,7 @@ pub struct MariaDBVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs index 58435d09a..8d0f09ed6 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/maxscales.rs @@ -366,7 +366,7 @@ pub struct MaxScaleAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExec /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -377,7 +377,7 @@ pub struct MaxScaleAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExec /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -487,7 +487,7 @@ pub struct MaxScaleAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -498,7 +498,7 @@ pub struct MaxScaleAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -639,7 +639,7 @@ pub struct MaxScaleAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -650,7 +650,7 @@ pub struct MaxScaleAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -760,7 +760,7 @@ pub struct MaxScaleAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -771,7 +771,7 @@ pub struct MaxScaleAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -946,9 +946,7 @@ pub struct MaxScaleAuthAdminPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -969,9 +967,7 @@ pub struct MaxScaleAuthClientPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -992,9 +988,7 @@ pub struct MaxScaleAuthMetricsPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1015,9 +1009,7 @@ pub struct MaxScaleAuthMonitorPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1038,9 +1030,7 @@ pub struct MaxScaleAuthServerPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1061,9 +1051,7 @@ pub struct MaxScaleAuthSyncPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1171,7 +1159,7 @@ pub struct MaxScaleConfigVolumeClaimTemplate { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -1428,9 +1416,7 @@ pub struct MaxScaleEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1473,9 +1459,7 @@ pub struct MaxScaleEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1504,9 +1488,7 @@ pub struct MaxScaleEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1521,9 +1503,7 @@ pub struct MaxScaleEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1593,9 +1573,7 @@ pub struct MaxScaleImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1697,9 +1675,7 @@ pub struct MaxScaleInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1742,9 +1718,7 @@ pub struct MaxScaleInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1773,9 +1747,7 @@ pub struct MaxScaleInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1790,9 +1762,7 @@ pub struct MaxScaleInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1878,7 +1848,6 @@ pub struct MaxScaleInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1999,7 +1968,6 @@ pub struct MaxScaleInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2056,11 +2024,9 @@ pub struct MaxScaleInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2083,6 +2049,11 @@ pub struct MaxScaleInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -2114,7 +2085,7 @@ pub struct MaxScaleInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2237,7 +2208,6 @@ pub struct MaxScaleInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2297,10 +2267,8 @@ pub struct MaxScaleInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2308,11 +2276,9 @@ pub struct MaxScaleInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2444,7 +2410,6 @@ pub struct MaxScaleLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2508,7 +2473,6 @@ pub struct MaxScaleMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -2838,7 +2802,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAffinityPreferredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2849,7 +2813,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAffinityPreferredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2959,7 +2923,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAffinityRequiredDuringSchedulingIgn /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2970,7 +2934,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAffinityRequiredDuringSchedulingIgn /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3111,7 +3075,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAntiAffinityPreferredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3122,7 +3086,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAntiAffinityPreferredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3232,7 +3196,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAntiAffinityRequiredDuringSchedulin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3243,7 +3207,7 @@ pub struct MaxScaleMetricsExporterAffinityPodAntiAffinityRequiredDuringSchedulin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3382,9 +3346,7 @@ pub struct MaxScaleMetricsExporterEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3427,9 +3389,7 @@ pub struct MaxScaleMetricsExporterEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3458,9 +3418,7 @@ pub struct MaxScaleMetricsExporterEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3475,9 +3433,7 @@ pub struct MaxScaleMetricsExporterEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3501,9 +3457,7 @@ pub struct MaxScaleMetricsExporterImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3594,9 +3548,7 @@ pub struct MaxScaleMetricsExporterInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3639,9 +3591,7 @@ pub struct MaxScaleMetricsExporterInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3670,9 +3620,7 @@ pub struct MaxScaleMetricsExporterInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3687,9 +3635,7 @@ pub struct MaxScaleMetricsExporterInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3775,7 +3721,6 @@ pub struct MaxScaleMetricsExporterInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3896,7 +3841,6 @@ pub struct MaxScaleMetricsExporterInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3953,11 +3897,9 @@ pub struct MaxScaleMetricsExporterInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3980,6 +3922,11 @@ pub struct MaxScaleMetricsExporterInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -4011,7 +3958,7 @@ pub struct MaxScaleMetricsExporterInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4134,7 +4081,6 @@ pub struct MaxScaleMetricsExporterInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4194,10 +4140,8 @@ pub struct MaxScaleMetricsExporterInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -4205,11 +4149,9 @@ pub struct MaxScaleMetricsExporterInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4295,7 +4237,6 @@ pub struct MaxScaleMetricsExporterLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4368,12 +4309,10 @@ pub struct MaxScaleMetricsExporterPodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -4423,15 +4362,24 @@ pub struct MaxScaleMetricsExporterPodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -4499,7 +4447,6 @@ pub struct MaxScaleMetricsExporterPodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4614,7 +4561,6 @@ pub struct MaxScaleMetricsExporterReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4671,11 +4617,9 @@ pub struct MaxScaleMetricsExporterResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4698,6 +4642,11 @@ pub struct MaxScaleMetricsExporterResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -4729,7 +4678,7 @@ pub struct MaxScaleMetricsExporterSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4852,7 +4801,6 @@ pub struct MaxScaleMetricsExporterSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4974,9 +4922,7 @@ pub struct MaxScaleMetricsExporterSidecarContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5019,9 +4965,7 @@ pub struct MaxScaleMetricsExporterSidecarContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5050,9 +4994,7 @@ pub struct MaxScaleMetricsExporterSidecarContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -5067,9 +5009,7 @@ pub struct MaxScaleMetricsExporterSidecarContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -5155,7 +5095,6 @@ pub struct MaxScaleMetricsExporterSidecarContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5276,7 +5215,6 @@ pub struct MaxScaleMetricsExporterSidecarContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5333,11 +5271,9 @@ pub struct MaxScaleMetricsExporterSidecarContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5360,6 +5296,11 @@ pub struct MaxScaleMetricsExporterSidecarContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -5391,7 +5332,7 @@ pub struct MaxScaleMetricsExporterSidecarContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -5514,7 +5455,6 @@ pub struct MaxScaleMetricsExporterSidecarContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5574,10 +5514,8 @@ pub struct MaxScaleMetricsExporterSidecarContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5585,11 +5523,9 @@ pub struct MaxScaleMetricsExporterSidecarContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5652,7 +5588,6 @@ pub struct MaxScaleMetricsExporterTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5686,7 +5621,6 @@ pub struct MaxScaleMetricsExporterTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -5702,7 +5636,6 @@ pub struct MaxScaleMetricsExporterTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5713,7 +5646,6 @@ pub struct MaxScaleMetricsExporterTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5808,10 +5740,8 @@ pub struct MaxScaleMetricsExporterVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5819,11 +5749,9 @@ pub struct MaxScaleMetricsExporterVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5877,7 +5805,6 @@ pub struct MaxScaleMetricsExporterVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5888,17 +5815,14 @@ pub struct MaxScaleMetricsExporterVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5933,11 +5857,24 @@ pub struct MaxScaleMetricsExporterVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5996,7 +5933,6 @@ pub struct MaxScaleMetricsExporterVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6092,9 +6028,7 @@ pub struct MaxScaleMetricsExporterVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6132,9 +6066,7 @@ pub struct MaxScaleMetricsExporterVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6164,9 +6096,7 @@ pub struct MaxScaleMetricsExporterVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6233,9 +6163,7 @@ pub struct MaxScaleMetricsExporterVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6329,7 +6257,6 @@ pub struct MaxScaleMetricsExporterVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6340,17 +6267,14 @@ pub struct MaxScaleMetricsExporterVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6363,7 +6287,6 @@ pub struct MaxScaleMetricsExporterVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6373,11 +6296,9 @@ pub struct MaxScaleMetricsExporterVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -6391,7 +6312,6 @@ pub struct MaxScaleMetricsExporterVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6401,11 +6321,9 @@ pub struct MaxScaleMetricsExporterVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleMetricsExporterVolumesEphemeralVolumeClaimTemplate { @@ -6498,7 +6416,7 @@ pub struct MaxScaleMetricsExporterVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -6627,7 +6545,6 @@ pub struct MaxScaleMetricsExporterVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6684,9 +6601,7 @@ pub struct MaxScaleMetricsExporterVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6712,7 +6627,6 @@ pub struct MaxScaleMetricsExporterVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6774,9 +6688,6 @@ pub struct MaxScaleMetricsExporterVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleMetricsExporterVolumesHostPath { /// path of the directory on the host. @@ -6790,6 +6701,39 @@ pub struct MaxScaleMetricsExporterVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MaxScaleMetricsExporterVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -6805,7 +6749,6 @@ pub struct MaxScaleMetricsExporterVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6845,9 +6788,7 @@ pub struct MaxScaleMetricsExporterVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6925,25 +6866,24 @@ pub struct MaxScaleMetricsExporterVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleMetricsExporterVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6968,14 +6908,11 @@ pub struct MaxScaleMetricsExporterVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -7058,9 +6995,7 @@ pub struct MaxScaleMetricsExporterVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -7159,9 +7094,7 @@ pub struct MaxScaleMetricsExporterVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7246,7 +7179,6 @@ pub struct MaxScaleMetricsExporterVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7293,9 +7225,7 @@ pub struct MaxScaleMetricsExporterVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7348,9 +7278,7 @@ pub struct MaxScaleMetricsExporterVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7444,9 +7372,7 @@ pub struct MaxScaleMetricsExporterVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7558,12 +7484,10 @@ pub struct MaxScalePodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -7613,15 +7537,24 @@ pub struct MaxScalePodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -7689,7 +7622,6 @@ pub struct MaxScalePodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -7804,7 +7736,6 @@ pub struct MaxScaleReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -7861,11 +7792,9 @@ pub struct MaxScaleResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -7888,6 +7817,11 @@ pub struct MaxScaleResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -7919,7 +7853,7 @@ pub struct MaxScaleSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -8042,7 +7976,6 @@ pub struct MaxScaleSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -8136,8 +8069,7 @@ pub struct MaxScaleServicesListener { #[serde(default, skip_serializing_if = "Option::is_none")] pub params: Option>, /// Port is the network port where the MaxScale server will listen. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub port: i32, /// Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol. #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, @@ -8242,9 +8174,7 @@ pub struct MaxScaleSidecarContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8287,9 +8217,7 @@ pub struct MaxScaleSidecarContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8318,9 +8246,7 @@ pub struct MaxScaleSidecarContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -8335,9 +8261,7 @@ pub struct MaxScaleSidecarContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -8423,7 +8347,6 @@ pub struct MaxScaleSidecarContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8544,7 +8467,6 @@ pub struct MaxScaleSidecarContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8601,11 +8523,9 @@ pub struct MaxScaleSidecarContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -8628,6 +8548,11 @@ pub struct MaxScaleSidecarContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds security configuration that will be applied to a container. @@ -8659,7 +8584,7 @@ pub struct MaxScaleSidecarContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -8782,7 +8707,6 @@ pub struct MaxScaleSidecarContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -8842,10 +8766,8 @@ pub struct MaxScaleSidecarContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -8853,11 +8775,9 @@ pub struct MaxScaleSidecarContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -8920,7 +8840,6 @@ pub struct MaxScaleTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -8954,7 +8873,6 @@ pub struct MaxScaleTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -8970,7 +8888,6 @@ pub struct MaxScaleTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -8981,7 +8898,6 @@ pub struct MaxScaleTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -9108,10 +9024,8 @@ pub struct MaxScaleVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -9119,11 +9033,9 @@ pub struct MaxScaleVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -9177,7 +9089,6 @@ pub struct MaxScaleVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -9188,17 +9099,14 @@ pub struct MaxScaleVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -9233,11 +9141,24 @@ pub struct MaxScaleVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -9296,7 +9217,6 @@ pub struct MaxScaleVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -9392,9 +9312,7 @@ pub struct MaxScaleVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -9432,9 +9350,7 @@ pub struct MaxScaleVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -9464,9 +9380,7 @@ pub struct MaxScaleVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -9533,9 +9447,7 @@ pub struct MaxScaleVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -9629,7 +9541,6 @@ pub struct MaxScaleVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -9640,17 +9551,14 @@ pub struct MaxScaleVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -9663,7 +9571,6 @@ pub struct MaxScaleVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -9673,11 +9580,9 @@ pub struct MaxScaleVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -9691,7 +9596,6 @@ pub struct MaxScaleVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -9701,11 +9605,9 @@ pub struct MaxScaleVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleVolumesEphemeralVolumeClaimTemplate { @@ -9798,7 +9700,7 @@ pub struct MaxScaleVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -9927,7 +9829,6 @@ pub struct MaxScaleVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -9984,9 +9885,7 @@ pub struct MaxScaleVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10012,7 +9911,6 @@ pub struct MaxScaleVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -10074,9 +9972,6 @@ pub struct MaxScaleVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleVolumesHostPath { /// path of the directory on the host. @@ -10090,6 +9985,39 @@ pub struct MaxScaleVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MaxScaleVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -10105,7 +10033,6 @@ pub struct MaxScaleVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -10145,9 +10072,7 @@ pub struct MaxScaleVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10225,25 +10150,24 @@ pub struct MaxScaleVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MaxScaleVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -10268,14 +10192,11 @@ pub struct MaxScaleVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -10358,9 +10279,7 @@ pub struct MaxScaleVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -10459,9 +10378,7 @@ pub struct MaxScaleVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -10546,7 +10463,6 @@ pub struct MaxScaleVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -10593,9 +10509,7 @@ pub struct MaxScaleVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10648,9 +10562,7 @@ pub struct MaxScaleVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10744,9 +10656,7 @@ pub struct MaxScaleVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/restores.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/restores.rs index 0bd4cdf7d..fab455654 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/restores.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/restores.rs @@ -298,7 +298,7 @@ pub struct RestoreAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -309,7 +309,7 @@ pub struct RestoreAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -419,7 +419,7 @@ pub struct RestoreAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -430,7 +430,7 @@ pub struct RestoreAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -571,7 +571,7 @@ pub struct RestoreAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -582,7 +582,7 @@ pub struct RestoreAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -692,7 +692,7 @@ pub struct RestoreAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -703,7 +703,7 @@ pub struct RestoreAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -800,9 +800,7 @@ pub struct RestoreBackupRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -815,9 +813,7 @@ pub struct RestoreImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -846,7 +842,6 @@ pub struct RestoreMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -896,12 +891,10 @@ pub struct RestorePodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -951,15 +944,24 @@ pub struct RestorePodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -1027,7 +1029,6 @@ pub struct RestorePodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1078,11 +1079,9 @@ pub struct RestoreResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1105,6 +1104,11 @@ pub struct RestoreResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// RestoreSpec defines the desired state of restore @@ -1151,9 +1155,7 @@ pub struct RestoreS3AccessKeyIdSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1170,9 +1172,7 @@ pub struct RestoreS3SecretAccessKeySecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1189,9 +1189,7 @@ pub struct RestoreS3SessionTokenSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1221,9 +1219,7 @@ pub struct RestoreS3TlsCaSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1260,7 +1256,7 @@ pub struct RestoreSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -1383,7 +1379,6 @@ pub struct RestoreSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1487,7 +1482,6 @@ pub struct RestoreVolume { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -1498,17 +1492,14 @@ pub struct RestoreVolume { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1543,11 +1534,24 @@ pub struct RestoreVolume { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -1602,7 +1606,6 @@ pub struct RestoreVolumeAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -1698,9 +1701,7 @@ pub struct RestoreVolumeCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1738,9 +1739,7 @@ pub struct RestoreVolumeCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1770,9 +1769,7 @@ pub struct RestoreVolumeConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -1839,9 +1836,7 @@ pub struct RestoreVolumeCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1935,7 +1930,6 @@ pub struct RestoreVolumeEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -1946,17 +1940,14 @@ pub struct RestoreVolumeEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1969,7 +1960,6 @@ pub struct RestoreVolumeEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -1979,11 +1969,9 @@ pub struct RestoreVolumeEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -1997,7 +1985,6 @@ pub struct RestoreVolumeEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -2007,11 +1994,9 @@ pub struct RestoreVolumeEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RestoreVolumeEphemeralVolumeClaimTemplate { @@ -2104,7 +2089,7 @@ pub struct RestoreVolumeEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -2233,7 +2218,6 @@ pub struct RestoreVolumeFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -2290,9 +2274,7 @@ pub struct RestoreVolumeFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2318,7 +2300,6 @@ pub struct RestoreVolumeGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -2380,9 +2361,6 @@ pub struct RestoreVolumeGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RestoreVolumeHostPath { /// path of the directory on the host. @@ -2396,6 +2374,39 @@ pub struct RestoreVolumeHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RestoreVolumeImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -2411,7 +2422,6 @@ pub struct RestoreVolumeIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -2451,9 +2461,7 @@ pub struct RestoreVolumeIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2531,25 +2539,24 @@ pub struct RestoreVolumeProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RestoreVolumeProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -2574,14 +2581,11 @@ pub struct RestoreVolumeProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -2664,9 +2668,7 @@ pub struct RestoreVolumeProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2765,9 +2767,7 @@ pub struct RestoreVolumeProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -2852,7 +2852,6 @@ pub struct RestoreVolumeRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -2899,9 +2898,7 @@ pub struct RestoreVolumeRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2954,9 +2951,7 @@ pub struct RestoreVolumeScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3050,9 +3045,7 @@ pub struct RestoreVolumeStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs index b61c9f117..d0902d069 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs @@ -305,7 +305,7 @@ pub struct SqlJobAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -316,7 +316,7 @@ pub struct SqlJobAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -426,7 +426,7 @@ pub struct SqlJobAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecuti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -437,7 +437,7 @@ pub struct SqlJobAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecuti /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -578,7 +578,7 @@ pub struct SqlJobAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -589,7 +589,7 @@ pub struct SqlJobAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -699,7 +699,7 @@ pub struct SqlJobAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -710,7 +710,7 @@ pub struct SqlJobAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -808,9 +808,7 @@ pub struct SqlJobDependsOn { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -823,9 +821,7 @@ pub struct SqlJobImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -854,7 +850,6 @@ pub struct SqlJobMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -891,9 +886,7 @@ pub struct SqlJobPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -923,12 +916,10 @@ pub struct SqlJobPodSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -978,15 +969,24 @@ pub struct SqlJobPodSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -1054,7 +1054,6 @@ pub struct SqlJobPodSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1105,11 +1104,9 @@ pub struct SqlJobResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1132,6 +1129,11 @@ pub struct SqlJobResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SqlJobSpec defines the desired state of SqlJob @@ -1181,7 +1183,7 @@ pub struct SqlJobSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -1304,7 +1306,6 @@ pub struct SqlJobSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1350,9 +1351,7 @@ pub struct SqlJobSqlConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs index e9fe62573..932f03129 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/users.rs @@ -19,6 +19,9 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct UserSpec { + /// CleanupPolicy defines the behavior for cleaning up a SQL resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cleanupPolicy")] + pub cleanup_policy: Option, /// Host related to the User. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, @@ -31,6 +34,13 @@ pub struct UserSpec { /// Name overrides the default name provided by metadata.name. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// PasswordHashSecretKeyRef is a reference to the password hash to be used by the User. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordHashSecretKeyRef")] + pub password_hash_secret_key_ref: Option, + /// PasswordPlugin is a reference to the password plugin and arguments to be used by the User. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordPlugin")] + pub password_plugin: Option, /// PasswordSecretKeyRef is a reference to the password to be used by the User. /// If not provided, the account will be locked and the password will expire. /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. @@ -44,6 +54,13 @@ pub struct UserSpec { pub retry_interval: Option, } +/// UserSpec defines the desired state of User +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum UserCleanupPolicy { + Skip, + Delete, +} + /// MariaDBRef is a reference to a MariaDB object. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct UserMariaDbRef { @@ -57,7 +74,6 @@ pub struct UserMariaDbRef { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. @@ -85,6 +101,73 @@ pub struct UserMariaDbRef { pub wait_for_it: Option, } +/// PasswordHashSecretKeyRef is a reference to the password hash to be used by the User. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UserPasswordHashSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// PasswordPlugin is a reference to the password plugin and arguments to be used by the User. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UserPasswordPlugin { + /// PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginArgSecretKeyRef")] + pub plugin_arg_secret_key_ref: Option, + /// PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. + /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginNameSecretKeyRef")] + pub plugin_name_secret_key_ref: Option, +} + +/// PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UserPasswordPluginPluginArgSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. +/// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UserPasswordPluginPluginNameSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// PasswordSecretKeyRef is a reference to the password to be used by the User. /// If not provided, the account will be locked and the password will expire. /// If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. @@ -96,9 +179,7 @@ pub struct UserPasswordSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/kamaji_clastix_io/v1alpha1/tenantcontrolplanes.rs b/kube-custom-resources-rs/src/kamaji_clastix_io/v1alpha1/tenantcontrolplanes.rs index d3c203c6f..d27f19dec 100644 --- a/kube-custom-resources-rs/src/kamaji_clastix_io/v1alpha1/tenantcontrolplanes.rs +++ b/kube-custom-resources-rs/src/kamaji_clastix_io/v1alpha1/tenantcontrolplanes.rs @@ -155,11 +155,9 @@ pub struct TenantControlPlaneAddonsKonnectivityServerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -182,6 +180,11 @@ pub struct TenantControlPlaneAddonsKonnectivityServerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Enables the kube-proxy addon in the Tenant Cluster. @@ -501,9 +504,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersEnvValueF /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -546,9 +547,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersEnvValueF /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -577,9 +576,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersEnvFromCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -594,9 +591,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersEnvFromSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -881,7 +876,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersLivenessP /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1032,7 +1026,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersReadiness /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1104,11 +1097,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersResources /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1131,6 +1122,11 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersResources /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -1164,7 +1160,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersSecurityC #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -1287,7 +1283,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersSecurityC /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1399,7 +1394,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersStartupPr /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1484,10 +1478,8 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersVolumeMou /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -1495,11 +1487,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalContainersVolumeMou /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -1731,9 +1721,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersEnvVa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1776,9 +1764,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersEnvVa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1807,9 +1793,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersEnvFr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1824,9 +1808,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersEnvFr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2111,7 +2093,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersLiven /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2262,7 +2243,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersReadi /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2334,11 +2314,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersResou /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2361,6 +2339,11 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersResou /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2394,7 +2377,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersSecur #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2517,7 +2500,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersSecur /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2629,7 +2611,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersStart /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2714,10 +2695,8 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersVolum /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2725,11 +2704,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalInitContainersVolum /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2790,10 +2767,8 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumeMountsApiServ /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2801,11 +2776,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumeMountsApiServ /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2845,10 +2818,8 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumeMountsControl /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2856,11 +2827,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumeMountsControl /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2900,10 +2869,8 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumeMountsSchedul /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2911,11 +2878,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumeMountsSchedul /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2969,7 +2934,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -2980,17 +2944,14 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3025,11 +2986,24 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -3088,7 +3062,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesAwsElasticBl /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -3184,9 +3157,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesCephfsSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3224,9 +3195,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesCinderSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3256,9 +3225,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -3325,9 +3292,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesCsiNodePubli /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3421,7 +3386,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -3432,17 +3396,14 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3455,7 +3416,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -3465,11 +3425,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -3483,7 +3441,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -3493,11 +3450,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEphemeralVolumeClaimTemplate { @@ -3590,7 +3545,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesEphemeralVol /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -3719,7 +3674,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -3776,9 +3730,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesFlexVolumeSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3804,7 +3756,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesGcePersisten /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -3866,9 +3817,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesHostPath { /// path of the directory on the host. @@ -3882,6 +3830,39 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -3897,7 +3878,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -3937,9 +3917,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesIscsiSecretR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4017,25 +3995,24 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -4060,14 +4037,11 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesProjectedSou /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -4150,9 +4124,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesProjectedSou /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -4251,9 +4223,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesProjectedSou /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -4338,7 +4308,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -4385,9 +4354,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesRbdSecretRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4440,9 +4407,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesScaleIoSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4536,9 +4501,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAdditionalVolumesStorageosSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4769,7 +4732,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -4780,7 +4743,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -4890,7 +4853,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -4901,7 +4864,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5042,7 +5005,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAntiAffinityPrefer /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5053,7 +5016,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAntiAffinityPrefer /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5163,7 +5126,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAntiAffinityRequir /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5174,7 +5137,7 @@ pub struct TenantControlPlaneControlPlaneDeploymentAffinityPodAntiAffinityRequir /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5333,11 +5296,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesApiServer { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5360,6 +5321,11 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesApiServerClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// ResourceRequirements describes the compute resource requirements. @@ -5368,11 +5334,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesControllerManager { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5395,6 +5359,11 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesControllerManagerCla /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Define the kine container resources. @@ -5404,11 +5373,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesKine { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5431,6 +5398,11 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesKineClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// ResourceRequirements describes the compute resource requirements. @@ -5439,11 +5411,9 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesScheduler { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5466,6 +5436,11 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesSchedulerClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Strategy describes how to replace existing pods with new ones for the given Tenant Control Plane. @@ -5474,9 +5449,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentResourcesSchedulerClaims { pub struct TenantControlPlaneControlPlaneDeploymentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. @@ -5486,9 +5458,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TenantControlPlaneControlPlaneDeploymentStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of @@ -5565,7 +5534,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5599,7 +5567,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -5615,7 +5582,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5626,7 +5592,6 @@ pub struct TenantControlPlaneControlPlaneDeploymentTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -6009,10 +5974,7 @@ pub struct TenantControlPlaneStatusAddonsKonnectivityServiceLoadBalancerIngressP /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// Port is the port number of the service port of which status is recorded here pub port: i32, /// Protocol is the protocol of the service port of which status is recorded here @@ -6332,10 +6294,7 @@ pub struct TenantControlPlaneStatusKubernetesResourcesIngressLoadBalancerIngress /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// port is the port number of the ingress port. pub port: i32, /// protocol is the protocol of the ingress port. @@ -6405,10 +6364,7 @@ pub struct TenantControlPlaneStatusKubernetesResourcesServiceLoadBalancerIngress /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// Port is the port number of the service port of which status is recorded here pub port: i32, /// Protocol is the protocol of the service port of which status is recorded here diff --git a/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs b/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs index c3824c978..de70af8bc 100644 --- a/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs +++ b/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs @@ -60,14 +60,12 @@ pub struct EC2NodeClassSpec { pub kubelet: Option, /// MetadataOptions for the generated launch template of provisioned nodes. /// - /// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// - /// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -172,24 +170,18 @@ pub struct EC2NodeClassBlockDeviceMappingsEbs { /// gp2 volumes, this represents the baseline performance of the volume and the /// rate at which the volume accumulates I/O credits for bursting. /// - /// /// The following are the supported values for each volume type: /// - /// /// * gp3: 3,000-16,000 IOPS /// - /// /// * io1: 100-64,000 IOPS /// - /// /// * io2: 100-64,000 IOPS /// - /// /// For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built /// on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). /// Other instance families guarantee performance up to 32,000 IOPS. /// - /// /// This parameter is supported for io1, io2, and gp3 volumes only. This parameter /// is not supported for gp2, st1, sc1, or standard volumes. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -208,16 +200,12 @@ pub struct EC2NodeClassBlockDeviceMappingsEbs { /// a volume size. The following are the supported volumes sizes for each volume /// type: /// - /// /// * gp2 and gp3: 1-16,384 /// - /// /// * io1 and io2: 4-16,384 /// - /// /// * st1 and sc1: 125-16,384 /// - /// /// * standard: 1-1,024 #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeSize")] pub volume_size: Option, @@ -312,14 +300,12 @@ pub struct EC2NodeClassKubelet { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -332,7 +318,6 @@ pub struct EC2NodeClassMetadataOptions { /// nodes. If metadata options is non-nil, but this parameter is not specified, /// the default state is "enabled". /// - /// /// If you specify a value of "disabled", instance metadata will not be accessible /// on the node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpEndpoint")] @@ -353,14 +338,12 @@ pub struct EC2NodeClassMetadataOptions { /// requests. If metadata options is non-nil, but this parameter is not /// specified, the default state is "required". /// - /// /// If the state is optional, one can choose to retrieve instance metadata with /// or without a signed token header on the request. If one retrieves the IAM /// role credentials without a token, the version 1.0 role credentials are /// returned. If one retrieves the IAM role credentials using a valid signed /// token, the version 2.0 role credentials are returned. /// - /// /// If the state is "required", one must send a signed token header with any /// instance metadata retrieval requests. In this state, retrieving the IAM /// role credentials always returns the version 2.0 credentials; the version @@ -371,14 +354,12 @@ pub struct EC2NodeClassMetadataOptions { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -395,14 +376,12 @@ pub enum EC2NodeClassMetadataOptionsHttpEndpoint { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -419,14 +398,12 @@ pub enum EC2NodeClassMetadataOptionsHttpProtocolIPv6 { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. diff --git a/kube-custom-resources-rs/src/karpenter_k8s_aws/v1beta1/ec2nodeclasses.rs b/kube-custom-resources-rs/src/karpenter_k8s_aws/v1beta1/ec2nodeclasses.rs index 096524b92..b497f5b28 100644 --- a/kube-custom-resources-rs/src/karpenter_k8s_aws/v1beta1/ec2nodeclasses.rs +++ b/kube-custom-resources-rs/src/karpenter_k8s_aws/v1beta1/ec2nodeclasses.rs @@ -49,14 +49,12 @@ pub struct EC2NodeClassSpec { pub instance_store_policy: Option, /// MetadataOptions for the generated launch template of provisioned nodes. /// - /// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// - /// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -154,24 +152,18 @@ pub struct EC2NodeClassBlockDeviceMappingsEbs { /// gp2 volumes, this represents the baseline performance of the volume and the /// rate at which the volume accumulates I/O credits for bursting. /// - /// /// The following are the supported values for each volume type: /// - /// /// * gp3: 3,000-16,000 IOPS /// - /// /// * io1: 100-64,000 IOPS /// - /// /// * io2: 100-64,000 IOPS /// - /// /// For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built /// on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). /// Other instance families guarantee performance up to 32,000 IOPS. /// - /// /// This parameter is supported for io1, io2, and gp3 volumes only. This parameter /// is not supported for gp2, st1, sc1, or standard volumes. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -190,16 +182,12 @@ pub struct EC2NodeClassBlockDeviceMappingsEbs { /// a volume size. The following are the supported volumes sizes for each volume /// type: /// - /// /// * gp2 and gp3: 1-16,384 /// - /// /// * io1 and io2: 4-16,384 /// - /// /// * st1 and sc1: 125-16,384 /// - /// /// * standard: 1-1,024 #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeSize")] pub volume_size: Option, @@ -239,14 +227,12 @@ pub enum EC2NodeClassInstanceStorePolicy { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -259,7 +245,6 @@ pub struct EC2NodeClassMetadataOptions { /// nodes. If metadata options is non-nil, but this parameter is not specified, /// the default state is "enabled". /// - /// /// If you specify a value of "disabled", instance metadata will not be accessible /// on the node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpEndpoint")] @@ -280,14 +265,12 @@ pub struct EC2NodeClassMetadataOptions { /// requests. If metadata options is non-nil, but this parameter is not /// specified, the default state is "required". /// - /// /// If the state is optional, one can choose to retrieve instance metadata with /// or without a signed token header on the request. If one retrieves the IAM /// role credentials without a token, the version 1.0 role credentials are /// returned. If one retrieves the IAM role credentials using a valid signed /// token, the version 2.0 role credentials are returned. /// - /// /// If the state is "required", one must send a signed token header with any /// instance metadata retrieval requests. In this state, retrieving the IAM /// role credentials always returns the version 2.0 credentials; the version @@ -298,14 +281,12 @@ pub struct EC2NodeClassMetadataOptions { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -322,14 +303,12 @@ pub enum EC2NodeClassMetadataOptionsHttpEndpoint { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. @@ -346,14 +325,12 @@ pub enum EC2NodeClassMetadataOptionsHttpProtocolIPv6 { /// MetadataOptions for the generated launch template of provisioned nodes. /// -/// /// This specifies the exposure of the Instance Metadata Service to /// provisioned EC2 nodes. For more information, /// see Instance Metadata and User Data /// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) /// in the Amazon Elastic Compute Cloud User Guide. /// -/// /// Refer to recommended, security best practices /// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) /// for limiting exposure of Instance Metadata and User Data to pods. diff --git a/kube-custom-resources-rs/src/karpenter_sh/v1/nodeclaims.rs b/kube-custom-resources-rs/src/karpenter_sh/v1/nodeclaims.rs index 5ae4f743c..04f2510e7 100644 --- a/kube-custom-resources-rs/src/karpenter_sh/v1/nodeclaims.rs +++ b/kube-custom-resources-rs/src/karpenter_sh/v1/nodeclaims.rs @@ -45,19 +45,15 @@ pub struct NodeClaimSpec { pub taints: Option>, /// TerminationGracePeriod is the maximum duration the controller will wait before forcefully deleting the pods on a node, measured from when deletion is first initiated. /// - /// /// Warning: this feature takes precedence over a Pod's terminationGracePeriodSeconds value, and bypasses any blocked PDBs or the karpenter.sh/do-not-disrupt annotation. /// - /// /// This field is intended to be used by cluster administrators to enforce that nodes can be cycled within a given time period. /// When set, drifted nodes will begin draining even if there are pods blocking eviction. Draining will respect PDBs and the do-not-disrupt annotation until the TGP is reached. /// - /// /// Karpenter will preemptively delete pods so their terminationGracePeriodSeconds align with the node's terminationGracePeriod. /// If a pod would be terminated without being granted its full terminationGracePeriodSeconds prior to the node timeout, /// that pod will be deleted at T = node timeout - pod terminationGracePeriodSeconds. /// - /// /// The feature can also be used to allow maximum time limits for long-running jobs which can delay node termination with preStop hooks. /// If left undefined, the controller will wait indefinitely for pods to be drained. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriod")] diff --git a/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs b/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs index be7fd1135..a40d3ba06 100644 --- a/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs +++ b/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs @@ -155,19 +155,15 @@ pub struct NodePoolTemplateSpec { pub taints: Option>, /// TerminationGracePeriod is the maximum duration the controller will wait before forcefully deleting the pods on a node, measured from when deletion is first initiated. /// - /// /// Warning: this feature takes precedence over a Pod's terminationGracePeriodSeconds value, and bypasses any blocked PDBs or the karpenter.sh/do-not-disrupt annotation. /// - /// /// This field is intended to be used by cluster administrators to enforce that nodes can be cycled within a given time period. /// When set, drifted nodes will begin draining even if there are pods blocking eviction. Draining will respect PDBs and the do-not-disrupt annotation until the TGP is reached. /// - /// /// Karpenter will preemptively delete pods so their terminationGracePeriodSeconds align with the node's terminationGracePeriod. /// If a pod would be terminated without being granted its full terminationGracePeriodSeconds prior to the node timeout, /// that pod will be deleted at T = node timeout - pod terminationGracePeriodSeconds. /// - /// /// The feature can also be used to allow maximum time limits for long-running jobs which can delay node termination with preStop hooks. /// If left undefined, the controller will wait indefinitely for pods to be drained. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriod")] diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs b/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs index e4f5ec9c9..26cddbe7a 100644 --- a/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs +++ b/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs @@ -28,13 +28,13 @@ pub struct DNSRecordSpec { /// the listeners assigned to the target gateway #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheck")] pub health_check: Option, - /// managedZone is a reference to a ManagedZone instance to which this record will publish its endpoints. - #[serde(rename = "managedZone")] - pub managed_zone: DNSRecordManagedZone, /// ownerID is a unique string used to identify the owner of this record. /// If unset or set to an empty string the record UID will be used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownerID")] pub owner_id: Option, + /// providerRef is a reference to a provider secret. + #[serde(rename = "providerRef")] + pub provider_ref: DNSRecordProviderRef, /// rootHost is the single root for all endpoints in a DNSRecord. /// it is expected all defined endpoints are children of or equal to this rootHost /// Must contain at least two groups of valid URL characters separated by a "." @@ -97,18 +97,16 @@ pub struct DNSRecordHealthCheck { pub protocol: Option, } -/// managedZone is a reference to a ManagedZone instance to which this record will publish its endpoints. +/// providerRef is a reference to a provider secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct DNSRecordManagedZone { - /// `name` is the name of the managed zone. - /// Required +pub struct DNSRecordProviderRef { pub name: String, } /// DNSRecordStatus defines the observed state of DNSRecord #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DNSRecordStatus { - /// conditions are any conditions associated with the record in the managed zone. + /// conditions are any conditions associated with the record in the dns provider. /// /// /// If publishing the record fails, the "Failed" condition will be set with a @@ -118,25 +116,12 @@ pub struct DNSRecordStatus { /// DomainOwners is a list of all the owners working against the root domain of this record #[serde(default, skip_serializing_if = "Option::is_none", rename = "domainOwners")] pub domain_owners: Option>, - /// endpoints are the last endpoints that were successfully published by the provider - /// - /// - /// Provides a simple mechanism to store the current provider records in order to - /// delete any that are no longer present in DNSRecordSpec.Endpoints - /// - /// - /// Note: This will not be required if/when we switch to using external-dns since when - /// running with a "sync" policy it will clean up unused records automatically. + /// endpoints are the last endpoints that were successfully published to the provider zone #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoints: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheck")] pub health_check: Option, - /// observedGeneration is the most recently observed generation of the - /// DNSRecord. When the DNSRecord is updated, the controller updates the - /// corresponding record in each managed zone. If an update for a - /// particular zone fails, that failure is recorded in the status - /// condition for the zone so that the controller can determine that it - /// needs to retry the update for that specific zone. + /// observedGeneration is the most recently observed generation of the DNSRecord. #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] pub observed_generation: Option, /// ownerID is a unique string used to identify the owner of this record. @@ -155,6 +140,12 @@ pub struct DNSRecordStatus { /// It is being reset to 0 when the generation changes or there are no changes to write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "writeCounter")] pub write_counter: Option, + /// zoneDomainName is the domain name of the zone that the dns record is publishing endpoints + #[serde(default, skip_serializing_if = "Option::is_none", rename = "zoneDomainName")] + pub zone_domain_name: Option, + /// zoneID is the provider specific id to which this dns record is publishing endpoints + #[serde(default, skip_serializing_if = "Option::is_none", rename = "zoneID")] + pub zone_id: Option, } /// Endpoint is a high-level way of a connection between a service and an IP diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayconfigs.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayconfigs.rs index cfa483631..d9936f211 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayconfigs.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayconfigs.rs @@ -119,11 +119,9 @@ pub struct MeshGatewayConfigResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -146,6 +144,11 @@ pub struct MeshGatewayConfigResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// ServiceTemplate configures the Service owned by this config. diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayinstances.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayinstances.rs index df0567e65..5138212d2 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayinstances.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshgatewayinstances.rs @@ -118,11 +118,9 @@ pub struct MeshGatewayInstanceResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -145,6 +143,11 @@ pub struct MeshGatewayInstanceResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// ServiceTemplate configures the Service owned by this config. @@ -243,10 +246,7 @@ pub struct MeshGatewayInstanceStatusLoadBalancerIngressPorts { /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// Port is the port number of the service port of which status is recorded here pub port: i32, /// Protocol is the protocol of the service port of which status is recorded here diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs index c6d07d736..c23c4d5db 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs @@ -221,7 +221,7 @@ pub struct MeshHTTPRouteToRulesDefaultFiltersRequestHeaderModifierSet { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MeshHTTPRouteToRulesDefaultFiltersRequestMirror { - /// TODO forbid weight + /// BackendRef defines where to forward traffic. #[serde(rename = "backendRef")] pub backend_ref: MeshHTTPRouteToRulesDefaultFiltersRequestMirrorBackendRef, /// Percentage of requests to mirror. If not specified, all requests @@ -230,7 +230,7 @@ pub struct MeshHTTPRouteToRulesDefaultFiltersRequestMirror { pub percentage: Option, } -/// TODO forbid weight +/// BackendRef defines where to forward traffic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MeshHTTPRouteToRulesDefaultFiltersRequestMirrorBackendRef { /// Kind of the referenced resource @@ -270,7 +270,7 @@ pub struct MeshHTTPRouteToRulesDefaultFiltersRequestMirrorBackendRef { pub weight: Option, } -/// TODO forbid weight +/// BackendRef defines where to forward traffic. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum MeshHTTPRouteToRulesDefaultFiltersRequestMirrorBackendRefKind { Mesh, @@ -289,7 +289,6 @@ pub struct MeshHTTPRouteToRulesDefaultFiltersRequestRedirect { /// matches the RFC 1123 definition of a hostname with 1 notable exception that /// numeric IP addresses are not allowed. /// - /// /// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case /// alphanumeric characters or '-', and must start and end with an alphanumeric /// character. No other punctuation is allowed. diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs index 31a53055f..61c0d0037 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs @@ -113,7 +113,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsClusterMatch { pub name: Option, /// Origin is the name of the component or plugin that generated the resource. /// - /// /// Here is the list of well-known origins: /// inbound - resources generated for handling incoming traffic. /// outbound - resources generated for handling outgoing traffic. @@ -124,7 +123,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsClusterMatch { /// egress - resources generated for Zone Egress. /// gateway - resources generated for MeshGateway. /// - /// /// The list is not complete, because policy plugins can introduce new resources. /// For example MeshTrace plugin can create Cluster with "mesh-trace" origin. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -201,7 +199,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsHttpFilterMatch { pub name: Option, /// Origin is the name of the component or plugin that generated the resource. /// - /// /// Here is the list of well-known origins: /// inbound - resources generated for handling incoming traffic. /// outbound - resources generated for handling outgoing traffic. @@ -212,7 +209,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsHttpFilterMatch { /// egress - resources generated for Zone Egress. /// gateway - resources generated for MeshGateway. /// - /// /// The list is not complete, because policy plugins can introduce new resources. /// For example MeshTrace plugin can create Cluster with "mesh-trace" origin. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -286,7 +282,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsListenerMatch { pub name: Option, /// Origin is the name of the component or plugin that generated the resource. /// - /// /// Here is the list of well-known origins: /// inbound - resources generated for handling incoming traffic. /// outbound - resources generated for handling outgoing traffic. @@ -297,7 +292,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsListenerMatch { /// egress - resources generated for Zone Egress. /// gateway - resources generated for MeshGateway. /// - /// /// The list is not complete, because policy plugins can introduce new resources. /// For example MeshTrace plugin can create Cluster with "mesh-trace" origin. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -376,7 +370,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsNetworkFilterMatch { pub name: Option, /// Origin is the name of the component or plugin that generated the resource. /// - /// /// Here is the list of well-known origins: /// inbound - resources generated for handling incoming traffic. /// outbound - resources generated for handling outgoing traffic. @@ -387,7 +380,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsNetworkFilterMatch { /// egress - resources generated for Zone Egress. /// gateway - resources generated for MeshGateway. /// - /// /// The list is not complete, because policy plugins can introduce new resources. /// For example MeshTrace plugin can create Cluster with "mesh-trace" origin. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -461,7 +453,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsVirtualHostMatch { pub name: Option, /// Origin is the name of the component or plugin that generated the resource. /// - /// /// Here is the list of well-known origins: /// inbound - resources generated for handling incoming traffic. /// outbound - resources generated for handling outgoing traffic. @@ -472,7 +463,6 @@ pub struct MeshProxyPatchDefaultAppendModificationsVirtualHostMatch { /// egress - resources generated for Zone Egress. /// gateway - resources generated for MeshGateway. /// - /// /// The list is not complete, because policy plugins can introduce new resources. /// For example MeshTrace plugin can create Cluster with "mesh-trace" origin. #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs index bf1a73a1c..39547f406 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs @@ -810,6 +810,9 @@ pub struct ClusterPolicyRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -900,129 +903,84 @@ pub struct ClusterPolicyRulesGenerateCloneListSelectorMatchExpressions { } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesImageExtractors { - /// JMESPath is an optional JMESPath expression to apply to the image value. - /// This is useful when the extracted image begins with a prefix like 'docker://'. - /// The 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://'). - /// Note - Image digest mutation may not be used when applying a JMESPAth to an image. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] - pub jmes_path: Option, - /// Key is an optional name of the field within 'path' that will be used to uniquely identify an image. - /// Note - this field MUST be unique. +pub struct ClusterPolicyRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Name is the entry the image will be available under 'images.' in the context. - /// If this field is not defined, image entries will appear under 'images.custom'. + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Path is the path to the object containing the image field in a custom resource. - /// It should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'. - /// Wildcard keys are expanded in case of arrays or objects. - pub path: String, - /// Value is an optional name of the field within 'path' that points to the image URI. - /// This is useful when a custom 'key' is also defined. + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, -} - -/// MatchResources defines when this policy rule should be applied. The match -/// criteria can include resource information (e.g. kind, name, namespace, labels) -/// and admission review request information like the user name or role. -/// At least one kind is required. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatch { - /// All allows specifying resources which will be ANDed + pub data: Option, + /// Kind specifies resource kind. #[serde(default, skip_serializing_if = "Option::is_none")] - pub all: Option>, - /// Any allows specifying resources which will be ORed + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. #[serde(default, skip_serializing_if = "Option::is_none")] - pub any: Option>, - /// ClusterRoles is the list of cluster-wide role names for the user. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] - pub cluster_roles: Option>, - /// ResourceDescription contains information about the resource being created or modified. - /// Requires at least one tag to be specified when under MatchResources. - /// Specifying ResourceDescription directly under match is being deprecated. - /// Please specify under "any" or "all" instead. + pub list: Option, + /// Name specifies the resource name. #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Roles is the list of namespaced role names for the user. + pub name: Option, + /// Namespace specifies resource namespace. #[serde(default, skip_serializing_if = "Option::is_none")] - pub roles: Option>, - /// Subjects is the list of subject names like users, user groups, and service accounts. + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] - pub subjects: Option>, + pub preconditions: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, } -/// ResourceFilter allow users to "AND" or "OR" between resources +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAll { - /// ClusterRoles is the list of cluster-wide role names for the user. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] - pub cluster_roles: Option>, - /// ResourceDescription contains information about the resource being created or modified. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Roles is the list of namespaced role names for the user. +pub struct ClusterPolicyRulesGenerateForeachClone { + /// Name specifies name of the resource. #[serde(default, skip_serializing_if = "Option::is_none")] - pub roles: Option>, - /// Subjects is the list of subject names like users, user groups, and service accounts. + pub name: Option, + /// Namespace specifies source resource namespace. #[serde(default, skip_serializing_if = "Option::is_none")] - pub subjects: Option>, + pub namespace: Option, } -/// ResourceDescription contains information about the resource being created or modified. +/// CloneList specifies the list of source resource used to populate each generated resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAllResources { - /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys - /// and values support the wildcard characters "*" (matches zero or many characters) and - /// "?" (matches at least one character). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, +pub struct ClusterPolicyRulesGenerateForeachCloneList { /// Kinds is a list of resource kinds. #[serde(default, skip_serializing_if = "Option::is_none")] pub kinds: Option>, - /// Name is the name of the resource. The name supports wildcard characters - /// "*" (matches zero or many characters) and "?" (at least one character). - /// NOTE: "Name" is being deprecated in favor of "Names". - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Names are the names of the resources. Each name supports wildcard characters - /// "*" (matches zero or many characters) and "?" (at least one character). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub names: Option>, - /// NamespaceSelector is a label selector for the resource namespace. Label keys and values - /// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) - /// and `?` (matches one character).Wildcards allows writing label selectors like - /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but - /// does not match an empty label set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// Namespaces is a list of namespaces names. Each name supports wildcard characters - /// "*" (matches zero or many characters) and "?" (at least one character). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + /// Namespace specifies source resource namespace. #[serde(default, skip_serializing_if = "Option::is_none")] - pub operations: Option>, - /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard - /// characters `*` (matches zero or many characters) and `?` (matches one character). - /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that - /// using ["*" : "*"] matches any key and value but does not match an empty label set. + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, + pub selector: Option, } -/// NamespaceSelector is a label selector for the resource namespace. Label keys and values -/// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) -/// and `?` (matches one character).Wildcards allows writing label selectors like -/// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but -/// does not match an empty label set. +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAllResourcesNamespaceSelector { +pub struct ClusterPolicyRulesGenerateForeachCloneListSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -1033,7 +991,7 @@ pub struct ClusterPolicyRulesMatchAllResourcesNamespaceSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAllResourcesNamespaceSelectorMatchExpressions { +pub struct ClusterPolicyRulesGenerateForeachCloneListSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -1047,79 +1005,350 @@ pub struct ClusterPolicyRulesMatchAllResourcesNamespaceSelectorMatchExpressions pub values: Option>, } -/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard -/// characters `*` (matches zero or many characters) and `?` (matches one character). -/// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that -/// using ["*" : "*"] matches any key and value but does not match an empty label set. +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAllResourcesSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterPolicyRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAllResourcesSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterPolicyRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, } -/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, -/// or a value for non-objects such as user and group names. +/// RequestData contains the HTTP POST data #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAllSubjects { - /// APIGroup holds the API group of the referenced subject. - /// Defaults to "" for ServiceAccount subjects. - /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] - pub api_group: Option, - /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - /// If the Authorizer does not recognized the kind value, the Authorizer should report an error. - pub kind: String, - /// Name of the object being referenced. +pub struct ClusterPolicyRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. pub name: String, - /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - /// the Authorizer should report an error. + /// Namespace is the ConfigMap namespace. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesImageExtractors { + /// JMESPath is an optional JMESPath expression to apply to the image value. + /// This is useful when the extracted image begins with a prefix like 'docker://'. + /// The 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://'). + /// Note - Image digest mutation may not be used when applying a JMESPAth to an image. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Key is an optional name of the field within 'path' that will be used to uniquely identify an image. + /// Note - this field MUST be unique. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Name is the entry the image will be available under 'images.' in the context. + /// If this field is not defined, image entries will appear under 'images.custom'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Path is the path to the object containing the image field in a custom resource. + /// It should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'. + /// Wildcard keys are expanded in case of arrays or objects. + pub path: String, + /// Value is an optional name of the field within 'path' that points to the image URI. + /// This is useful when a custom 'key' is also defined. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// MatchResources defines when this policy rule should be applied. The match +/// criteria can include resource information (e.g. kind, name, namespace, labels) +/// and admission review request information like the user name or role. +/// At least one kind is required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatch { + /// All allows specifying resources which will be ANDed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// Any allows specifying resources which will be ORed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + /// Requires at least one tag to be specified when under MatchResources. + /// Specifying ResourceDescription directly under match is being deprecated. + /// Please specify under "any" or "all" instead. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + /// ResourceFilter allow users to "AND" or "OR" between resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAny { +pub struct ClusterPolicyRulesMatchAll { /// ClusterRoles is the list of cluster-wide role names for the user. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] pub cluster_roles: Option>, /// ResourceDescription contains information about the resource being created or modified. #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, + pub resources: Option, /// Roles is the list of namespaced role names for the user. #[serde(default, skip_serializing_if = "Option::is_none")] pub roles: Option>, /// Subjects is the list of subject names like users, user groups, and service accounts. #[serde(default, skip_serializing_if = "Option::is_none")] - pub subjects: Option>, + pub subjects: Option>, } /// ResourceDescription contains information about the resource being created or modified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAnyResources { +pub struct ClusterPolicyRulesMatchAllResources { /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys /// and values support the wildcard characters "*" (matches zero or many characters) and /// "?" (matches at least one character). @@ -1143,7 +1372,7 @@ pub struct ClusterPolicyRulesMatchAnyResources { /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but /// does not match an empty label set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, + pub namespace_selector: Option, /// Namespaces is a list of namespaces names. Each name supports wildcard characters /// "*" (matches zero or many characters) and "?" (at least one character). #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1156,7 +1385,7 @@ pub struct ClusterPolicyRulesMatchAnyResources { /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that /// using ["*" : "*"] matches any key and value but does not match an empty label set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, + pub selector: Option, } /// NamespaceSelector is a label selector for the resource namespace. Label keys and values @@ -1165,10 +1394,10 @@ pub struct ClusterPolicyRulesMatchAnyResources { /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but /// does not match an empty label set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAnyResourcesNamespaceSelector { +pub struct ClusterPolicyRulesMatchAllResourcesNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -1179,7 +1408,7 @@ pub struct ClusterPolicyRulesMatchAnyResourcesNamespaceSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAnyResourcesNamespaceSelectorMatchExpressions { +pub struct ClusterPolicyRulesMatchAllResourcesNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -1198,10 +1427,10 @@ pub struct ClusterPolicyRulesMatchAnyResourcesNamespaceSelectorMatchExpressions /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that /// using ["*" : "*"] matches any key and value but does not match an empty label set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAnyResourcesSelector { +pub struct ClusterPolicyRulesMatchAllResourcesSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -1212,7 +1441,7 @@ pub struct ClusterPolicyRulesMatchAnyResourcesSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAnyResourcesSelectorMatchExpressions { +pub struct ClusterPolicyRulesMatchAllResourcesSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -1229,7 +1458,7 @@ pub struct ClusterPolicyRulesMatchAnyResourcesSelectorMatchExpressions { /// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, /// or a value for non-objects such as user and group names. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchAnySubjects { +pub struct ClusterPolicyRulesMatchAllSubjects { /// APIGroup holds the API group of the referenced subject. /// Defaults to "" for ServiceAccount subjects. /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. @@ -1246,12 +1475,158 @@ pub struct ClusterPolicyRulesMatchAnySubjects { pub namespace: Option, } +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatchAny { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + /// ResourceDescription contains information about the resource being created or modified. -/// Requires at least one tag to be specified when under MatchResources. -/// Specifying ResourceDescription directly under match is being deprecated. -/// Please specify under "any" or "all" instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesMatchResources { +pub struct ClusterPolicyRulesMatchAnyResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys + /// and values support the wildcard characters "*" (matches zero or many characters) and + /// "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters + /// "*" (matches zero or many characters) and "?" (at least one character). + /// NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters + /// "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values + /// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) + /// and `?` (matches one character).Wildcards allows writing label selectors like + /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but + /// does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters + /// "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard + /// characters `*` (matches zero or many characters) and `?` (matches one character). + /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that + /// using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values +/// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) +/// and `?` (matches one character).Wildcards allows writing label selectors like +/// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but +/// does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatchAnyResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatchAnyResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard +/// characters `*` (matches zero or many characters) and `?` (matches one character). +/// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that +/// using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatchAnyResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatchAnyResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, +/// or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatchAnySubjects { + /// APIGroup holds the API group of the referenced subject. + /// Defaults to "" for ServiceAccount subjects. + /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". + /// If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty + /// the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ResourceDescription contains information about the resource being created or modified. +/// Requires at least one tag to be specified when under MatchResources. +/// Specifying ResourceDescription directly under match is being deprecated. +/// Please specify under "any" or "all" instead. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesMatchResources { /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys /// and values support the wildcard characters "*" (matches zero or many characters) and /// "?" (matches at least one character). @@ -3070,7 +3445,7 @@ pub struct ClusterPolicyRulesVerifyImages { #[serde(default, skip_serializing_if = "Option::is_none")] pub subject: Option, /// Type specifies the method of signature validation. The allowed options - /// are Cosign and Notary. By default Cosign is used if a type is not specified. + /// are Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, /// UseCache enables caching of image verify responses for this rule. @@ -3699,6 +4074,7 @@ pub struct ClusterPolicyRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } @@ -4592,6 +4968,9 @@ pub struct ClusterPolicyStatusAutogenRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -4681,6 +5060,378 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressi pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub list: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub preconditions: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachClone { + /// Name specifies name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// CloneList specifies the list of source resource used to populate each generated resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachCloneList { + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachCloneListSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachCloneListSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesImageExtractors { /// JMESPath is an optional JMESPath expression to apply to the image value. @@ -6852,7 +7603,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { #[serde(default, skip_serializing_if = "Option::is_none")] pub subject: Option, /// Type specifies the method of signature validation. The allowed options - /// are Cosign and Notary. By default Cosign is used if a type is not specified. + /// are Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, /// UseCache enables caching of image verify responses for this rule. @@ -7481,6 +8232,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyStatusAutogenRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs index b8a332a96..49c44f391 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs @@ -811,6 +811,9 @@ pub struct PolicyRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -901,129 +904,84 @@ pub struct PolicyRulesGenerateCloneListSelectorMatchExpressions { } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesImageExtractors { - /// JMESPath is an optional JMESPath expression to apply to the image value. - /// This is useful when the extracted image begins with a prefix like 'docker://'. - /// The 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://'). - /// Note - Image digest mutation may not be used when applying a JMESPAth to an image. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] - pub jmes_path: Option, - /// Key is an optional name of the field within 'path' that will be used to uniquely identify an image. - /// Note - this field MUST be unique. +pub struct PolicyRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Name is the entry the image will be available under 'images.' in the context. - /// If this field is not defined, image entries will appear under 'images.custom'. + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Path is the path to the object containing the image field in a custom resource. - /// It should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'. - /// Wildcard keys are expanded in case of arrays or objects. - pub path: String, - /// Value is an optional name of the field within 'path' that points to the image URI. - /// This is useful when a custom 'key' is also defined. + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, -} - -/// MatchResources defines when this policy rule should be applied. The match -/// criteria can include resource information (e.g. kind, name, namespace, labels) -/// and admission review request information like the user name or role. -/// At least one kind is required. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatch { - /// All allows specifying resources which will be ANDed + pub data: Option, + /// Kind specifies resource kind. #[serde(default, skip_serializing_if = "Option::is_none")] - pub all: Option>, - /// Any allows specifying resources which will be ORed + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. #[serde(default, skip_serializing_if = "Option::is_none")] - pub any: Option>, - /// ClusterRoles is the list of cluster-wide role names for the user. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] - pub cluster_roles: Option>, - /// ResourceDescription contains information about the resource being created or modified. - /// Requires at least one tag to be specified when under MatchResources. - /// Specifying ResourceDescription directly under match is being deprecated. - /// Please specify under "any" or "all" instead. + pub list: Option, + /// Name specifies the resource name. #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Roles is the list of namespaced role names for the user. + pub name: Option, + /// Namespace specifies resource namespace. #[serde(default, skip_serializing_if = "Option::is_none")] - pub roles: Option>, - /// Subjects is the list of subject names like users, user groups, and service accounts. + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] - pub subjects: Option>, + pub preconditions: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, } -/// ResourceFilter allow users to "AND" or "OR" between resources +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAll { - /// ClusterRoles is the list of cluster-wide role names for the user. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] - pub cluster_roles: Option>, - /// ResourceDescription contains information about the resource being created or modified. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Roles is the list of namespaced role names for the user. +pub struct PolicyRulesGenerateForeachClone { + /// Name specifies name of the resource. #[serde(default, skip_serializing_if = "Option::is_none")] - pub roles: Option>, - /// Subjects is the list of subject names like users, user groups, and service accounts. + pub name: Option, + /// Namespace specifies source resource namespace. #[serde(default, skip_serializing_if = "Option::is_none")] - pub subjects: Option>, + pub namespace: Option, } -/// ResourceDescription contains information about the resource being created or modified. +/// CloneList specifies the list of source resource used to populate each generated resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAllResources { - /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys - /// and values support the wildcard characters "*" (matches zero or many characters) and - /// "?" (matches at least one character). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, +pub struct PolicyRulesGenerateForeachCloneList { /// Kinds is a list of resource kinds. #[serde(default, skip_serializing_if = "Option::is_none")] pub kinds: Option>, - /// Name is the name of the resource. The name supports wildcard characters - /// "*" (matches zero or many characters) and "?" (at least one character). - /// NOTE: "Name" is being deprecated in favor of "Names". - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Names are the names of the resources. Each name supports wildcard characters - /// "*" (matches zero or many characters) and "?" (at least one character). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub names: Option>, - /// NamespaceSelector is a label selector for the resource namespace. Label keys and values - /// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) - /// and `?` (matches one character).Wildcards allows writing label selectors like - /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but - /// does not match an empty label set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// Namespaces is a list of namespaces names. Each name supports wildcard characters - /// "*" (matches zero or many characters) and "?" (at least one character). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + /// Namespace specifies source resource namespace. #[serde(default, skip_serializing_if = "Option::is_none")] - pub operations: Option>, - /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard - /// characters `*` (matches zero or many characters) and `?` (matches one character). - /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that - /// using ["*" : "*"] matches any key and value but does not match an empty label set. + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, + pub selector: Option, } -/// NamespaceSelector is a label selector for the resource namespace. Label keys and values -/// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) -/// and `?` (matches one character).Wildcards allows writing label selectors like -/// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but -/// does not match an empty label set. +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAllResourcesNamespaceSelector { +pub struct PolicyRulesGenerateForeachCloneListSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -1034,7 +992,7 @@ pub struct PolicyRulesMatchAllResourcesNamespaceSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAllResourcesNamespaceSelectorMatchExpressions { +pub struct PolicyRulesGenerateForeachCloneListSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -1048,79 +1006,350 @@ pub struct PolicyRulesMatchAllResourcesNamespaceSelectorMatchExpressions { pub values: Option>, } -/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard -/// characters `*` (matches zero or many characters) and `?` (matches one character). -/// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that -/// using ["*" : "*"] matches any key and value but does not match an empty label set. +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAllResourcesSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct PolicyRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAllResourcesSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct PolicyRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, } -/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, -/// or a value for non-objects such as user and group names. +/// RequestData contains the HTTP POST data #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAllSubjects { - /// APIGroup holds the API group of the referenced subject. - /// Defaults to "" for ServiceAccount subjects. - /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] - pub api_group: Option, - /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - /// If the Authorizer does not recognized the kind value, the Authorizer should report an error. - pub kind: String, - /// Name of the object being referenced. +pub struct PolicyRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. pub name: String, - /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - /// the Authorizer should report an error. + /// Namespace is the ConfigMap namespace. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesImageExtractors { + /// JMESPath is an optional JMESPath expression to apply to the image value. + /// This is useful when the extracted image begins with a prefix like 'docker://'. + /// The 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://'). + /// Note - Image digest mutation may not be used when applying a JMESPAth to an image. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Key is an optional name of the field within 'path' that will be used to uniquely identify an image. + /// Note - this field MUST be unique. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Name is the entry the image will be available under 'images.' in the context. + /// If this field is not defined, image entries will appear under 'images.custom'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Path is the path to the object containing the image field in a custom resource. + /// It should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'. + /// Wildcard keys are expanded in case of arrays or objects. + pub path: String, + /// Value is an optional name of the field within 'path' that points to the image URI. + /// This is useful when a custom 'key' is also defined. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// MatchResources defines when this policy rule should be applied. The match +/// criteria can include resource information (e.g. kind, name, namespace, labels) +/// and admission review request information like the user name or role. +/// At least one kind is required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatch { + /// All allows specifying resources which will be ANDed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// Any allows specifying resources which will be ORed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + /// Requires at least one tag to be specified when under MatchResources. + /// Specifying ResourceDescription directly under match is being deprecated. + /// Please specify under "any" or "all" instead. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + /// ResourceFilter allow users to "AND" or "OR" between resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAny { +pub struct PolicyRulesMatchAll { /// ClusterRoles is the list of cluster-wide role names for the user. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] pub cluster_roles: Option>, /// ResourceDescription contains information about the resource being created or modified. #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, + pub resources: Option, /// Roles is the list of namespaced role names for the user. #[serde(default, skip_serializing_if = "Option::is_none")] pub roles: Option>, /// Subjects is the list of subject names like users, user groups, and service accounts. #[serde(default, skip_serializing_if = "Option::is_none")] - pub subjects: Option>, + pub subjects: Option>, } /// ResourceDescription contains information about the resource being created or modified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAnyResources { +pub struct PolicyRulesMatchAllResources { /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys /// and values support the wildcard characters "*" (matches zero or many characters) and /// "?" (matches at least one character). @@ -1144,7 +1373,7 @@ pub struct PolicyRulesMatchAnyResources { /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but /// does not match an empty label set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, + pub namespace_selector: Option, /// Namespaces is a list of namespaces names. Each name supports wildcard characters /// "*" (matches zero or many characters) and "?" (at least one character). #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1157,7 +1386,7 @@ pub struct PolicyRulesMatchAnyResources { /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that /// using ["*" : "*"] matches any key and value but does not match an empty label set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, + pub selector: Option, } /// NamespaceSelector is a label selector for the resource namespace. Label keys and values @@ -1166,10 +1395,10 @@ pub struct PolicyRulesMatchAnyResources { /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but /// does not match an empty label set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAnyResourcesNamespaceSelector { +pub struct PolicyRulesMatchAllResourcesNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -1180,7 +1409,7 @@ pub struct PolicyRulesMatchAnyResourcesNamespaceSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAnyResourcesNamespaceSelectorMatchExpressions { +pub struct PolicyRulesMatchAllResourcesNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -1199,10 +1428,10 @@ pub struct PolicyRulesMatchAnyResourcesNamespaceSelectorMatchExpressions { /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that /// using ["*" : "*"] matches any key and value but does not match an empty label set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAnyResourcesSelector { +pub struct PolicyRulesMatchAllResourcesSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -1213,7 +1442,7 @@ pub struct PolicyRulesMatchAnyResourcesSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAnyResourcesSelectorMatchExpressions { +pub struct PolicyRulesMatchAllResourcesSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -1230,7 +1459,7 @@ pub struct PolicyRulesMatchAnyResourcesSelectorMatchExpressions { /// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, /// or a value for non-objects such as user and group names. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchAnySubjects { +pub struct PolicyRulesMatchAllSubjects { /// APIGroup holds the API group of the referenced subject. /// Defaults to "" for ServiceAccount subjects. /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. @@ -1247,12 +1476,158 @@ pub struct PolicyRulesMatchAnySubjects { pub namespace: Option, } +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatchAny { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + /// ResourceDescription contains information about the resource being created or modified. -/// Requires at least one tag to be specified when under MatchResources. -/// Specifying ResourceDescription directly under match is being deprecated. -/// Please specify under "any" or "all" instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesMatchResources { +pub struct PolicyRulesMatchAnyResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys + /// and values support the wildcard characters "*" (matches zero or many characters) and + /// "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters + /// "*" (matches zero or many characters) and "?" (at least one character). + /// NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters + /// "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values + /// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) + /// and `?` (matches one character).Wildcards allows writing label selectors like + /// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but + /// does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters + /// "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard + /// characters `*` (matches zero or many characters) and `?` (matches one character). + /// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that + /// using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values +/// in `matchLabels` support the wildcard characters `*` (matches zero or many characters) +/// and `?` (matches one character).Wildcards allows writing label selectors like +/// ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but +/// does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatchAnyResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatchAnyResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard +/// characters `*` (matches zero or many characters) and `?` (matches one character). +/// Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that +/// using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatchAnyResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatchAnyResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, +/// or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatchAnySubjects { + /// APIGroup holds the API group of the referenced subject. + /// Defaults to "" for ServiceAccount subjects. + /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". + /// If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty + /// the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ResourceDescription contains information about the resource being created or modified. +/// Requires at least one tag to be specified when under MatchResources. +/// Specifying ResourceDescription directly under match is being deprecated. +/// Please specify under "any" or "all" instead. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesMatchResources { /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys /// and values support the wildcard characters "*" (matches zero or many characters) and /// "?" (matches at least one character). @@ -3071,7 +3446,7 @@ pub struct PolicyRulesVerifyImages { #[serde(default, skip_serializing_if = "Option::is_none")] pub subject: Option, /// Type specifies the method of signature validation. The allowed options - /// are Cosign and Notary. By default Cosign is used if a type is not specified. + /// are Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, /// UseCache enables caching of image verify responses for this rule. @@ -3700,6 +4075,7 @@ pub struct PolicyRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } @@ -4593,6 +4969,9 @@ pub struct PolicyStatusAutogenRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -4682,6 +5061,378 @@ pub struct PolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressions { pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub list: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub preconditions: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachClone { + /// Name specifies name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// CloneList specifies the list of source resource used to populate each generated resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachCloneList { + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachCloneListSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachCloneListSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesImageExtractors { /// JMESPath is an optional JMESPath expression to apply to the image value. @@ -6853,7 +7604,7 @@ pub struct PolicyStatusAutogenRulesVerifyImages { #[serde(default, skip_serializing_if = "Option::is_none")] pub subject: Option, /// Type specifies the method of signature validation. The allowed options - /// are Cosign and Notary. By default Cosign is used if a type is not specified. + /// are Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, /// UseCache enables caching of image verify responses for this rule. @@ -7482,6 +8233,7 @@ pub struct PolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyStatusAutogenRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } diff --git a/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs b/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs index f712e680f..6fcd8ae11 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs @@ -52,6 +52,9 @@ pub struct GlobalContextEntryApiCall { /// such as "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, + /// RetryLimit defines the number of times the APICall should be retried in case of failure. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryLimit")] + pub retry_limit: Option, /// Service is an API call to a JSON web service. /// This is used for non-Kubernetes API server calls. /// It's mutually exclusive with the URLPath field. diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs index 6a630137e..dc1c9bbfa 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs @@ -661,6 +661,9 @@ pub struct ClusterPolicyRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -750,6 +753,378 @@ pub struct ClusterPolicyRulesGenerateCloneListSelectorMatchExpressions { pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub list: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub preconditions: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachClone { + /// Name specifies name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// CloneList specifies the list of source resource used to populate each generated resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachCloneList { + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachCloneListSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachCloneListSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesImageExtractors { /// JMESPath is an optional JMESPath expression to apply to the image value. @@ -3565,6 +3940,7 @@ pub struct ClusterPolicyRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } @@ -4458,6 +4834,9 @@ pub struct ClusterPolicyStatusAutogenRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -4482,7 +4861,110 @@ pub struct ClusterPolicyStatusAutogenRulesGenerate { /// data from Data or the resource specified in the Clone declaration. /// Optional. Defaults to "false" if not specified. #[serde(default, skip_serializing_if = "Option::is_none")] - pub synchronize: Option, + pub synchronize: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateClone { + /// Name specifies name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// CloneList specifies the list of source resource used to populate each generated resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateCloneList { + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateCloneListSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub list: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub preconditions: Option, /// UID specifies the resource uid. #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, @@ -4492,7 +4974,7 @@ pub struct ClusterPolicyStatusAutogenRulesGenerate { /// At most one of Data or Clone can be specified. If neither are provided, the generated /// resource will be created with default data only. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesGenerateClone { +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachClone { /// Name specifies name of the resource. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -4503,7 +4985,7 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateClone { /// CloneList specifies the list of source resource used to populate each generated resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesGenerateCloneList { +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachCloneList { /// Kinds is a list of resource kinds. #[serde(default, skip_serializing_if = "Option::is_none")] pub kinds: Option>, @@ -4513,16 +4995,16 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateCloneList { /// Selector is a label selector. Label keys and values in `matchLabels`. /// wildcard characters are not supported. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, + pub selector: Option, } /// Selector is a label selector. Label keys and values in `matchLabels`. /// wildcard characters are not supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesGenerateCloneListSelector { +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachCloneListSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -4533,7 +5015,7 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateCloneListSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressions { +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachCloneListSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -4547,6 +5029,275 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressi pub values: Option>, } +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesImageExtractors { /// JMESPath is an optional JMESPath expression to apply to the image value. @@ -6718,7 +7469,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { #[serde(default, skip_serializing_if = "Option::is_none")] pub subject: Option, /// Type specifies the method of signature validation. The allowed options - /// are Cosign and Notary. By default Cosign is used if a type is not specified. + /// are Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, /// UseCache enables caching of image verify responses for this rule. @@ -7347,6 +8098,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyStatusAutogenRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs index 6f345a378..f8929b328 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs @@ -662,6 +662,9 @@ pub struct PolicyRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -751,6 +754,378 @@ pub struct PolicyRulesGenerateCloneListSelectorMatchExpressions { pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub list: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub preconditions: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachClone { + /// Name specifies name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// CloneList specifies the list of source resource used to populate each generated resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachCloneList { + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachCloneListSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachCloneListSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesImageExtractors { /// JMESPath is an optional JMESPath expression to apply to the image value. @@ -3566,6 +3941,7 @@ pub struct PolicyRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } @@ -4459,6 +4835,9 @@ pub struct PolicyStatusAutogenRulesGenerate { /// resource will be created with default data only. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, + /// ForEach applies generate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub foreach: Option>, /// GenerateExisting controls whether to trigger the rule in existing resources /// If is set to "true" the rule will be triggered and applied to existing matched resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExisting")] @@ -4483,7 +4862,110 @@ pub struct PolicyStatusAutogenRulesGenerate { /// data from Data or the resource specified in the Clone declaration. /// Optional. Defaults to "false" if not specified. #[serde(default, skip_serializing_if = "Option::is_none")] - pub synchronize: Option, + pub synchronize: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// Clone specifies the source resource used to populate each generated resource. +/// At most one of Data or Clone can be specified. If neither are provided, the generated +/// resource will be created with default data only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateClone { + /// Name specifies name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// CloneList specifies the list of source resource used to populate each generated resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateCloneList { + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Namespace specifies source resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Selector is a label selector. Label keys and values in `matchLabels`. + /// wildcard characters are not supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// Selector is a label selector. Label keys and values in `matchLabels`. +/// wildcard characters are not supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateCloneListSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeach { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Clone specifies the source resource used to populate each generated resource. + /// At most one of Data or Clone can be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clone: Option, + /// CloneList specifies the list of source resource used to populate each generated resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloneList")] + pub clone_list: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// Data provides the resource declaration used to populate each generated resource. + /// At most one of Data or Clone must be specified. If neither are provided, the generated + /// resource will be created with default data only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// List specifies a JMESPath expression that results in one or more elements + /// to which the validation logic is applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub list: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a + /// set of conditions. The declaration can contain nested `any` or `all` statements. + /// See: https://kyverno.io/docs/writing-policies/preconditions/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub preconditions: Option, /// UID specifies the resource uid. #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, @@ -4493,7 +4975,7 @@ pub struct PolicyStatusAutogenRulesGenerate { /// At most one of Data or Clone can be specified. If neither are provided, the generated /// resource will be created with default data only. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesGenerateClone { +pub struct PolicyStatusAutogenRulesGenerateForeachClone { /// Name specifies name of the resource. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -4504,7 +4986,7 @@ pub struct PolicyStatusAutogenRulesGenerateClone { /// CloneList specifies the list of source resource used to populate each generated resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesGenerateCloneList { +pub struct PolicyStatusAutogenRulesGenerateForeachCloneList { /// Kinds is a list of resource kinds. #[serde(default, skip_serializing_if = "Option::is_none")] pub kinds: Option>, @@ -4514,16 +4996,16 @@ pub struct PolicyStatusAutogenRulesGenerateCloneList { /// Selector is a label selector. Label keys and values in `matchLabels`. /// wildcard characters are not supported. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, + pub selector: Option, } /// Selector is a label selector. Label keys and values in `matchLabels`. /// wildcard characters are not supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesGenerateCloneListSelector { +pub struct PolicyStatusAutogenRulesGenerateForeachCloneListSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -4534,7 +5016,7 @@ pub struct PolicyStatusAutogenRulesGenerateCloneListSelector { /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressions { +pub struct PolicyStatusAutogenRulesGenerateForeachCloneListSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -4548,6 +5030,275 @@ pub struct PolicyStatusAutogenRulesGenerateCloneListSelectorMatchExpressions { pub values: Option>, } +/// ContextEntry adds variables and data sources to a rule Context. Either a +/// ConfigMap reference or a APILookup must be provided. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. + /// The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// GlobalContextEntryReference is a reference to a cached global context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalReference")] + pub global_reference: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image + /// details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCall { + /// The data object specifies the POST data sent to the server. + /// Only applicable when the method field is set to POST. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). Defaults to GET. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service. + /// This is used for non-Kubernetes API server calls. + /// It's mutually exclusive with the URLPath field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the + /// Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + /// The format required is the same format used by the `kubectl get --raw` command. + /// See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + /// for details. + /// It's mutually exclusive with the Service field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: serde_json::Value, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. +/// The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesGenerateForeachContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service. +/// This is used for non-Kubernetes API server calls. +/// It's mutually exclusive with the URLPath field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate + /// the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is + /// `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// GlobalContextEntryReference is a reference to a cached global context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextGlobalReference { + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the JSON response returned from the server. For example + /// a JMESPath of "items | length(@)" applied to the API server response + /// for the URLPath "/apis/apps/v1/deployments" will return the total count + /// of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Name of the global context entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image +/// details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to + /// transform the ImageData struct returned as a result of processing + /// the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. + /// Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. + /// It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. + /// Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath + /// expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// JMESPath is an optional JMESPath Expression that can be used to + /// transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +/// set of conditions. The declaration can contain nested `any` or `all` statements. +/// See: https://kyverno.io/docs/writing-policies/preconditions/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachPreconditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, all of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for + /// finer control of when an rule is applied. A condition can reference object data + /// using JMESPath notation. + /// Here, at least one of the conditions need to pass + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachPreconditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesGenerateForeachPreconditionsAllOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesGenerateForeachPreconditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: + /// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, + /// GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, + /// DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set + /// or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Condition defines variable-based conditional criteria for rule execution. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesGenerateForeachPreconditionsAnyOperator { + Equals, + NotEquals, + In, + AnyIn, + AllIn, + NotIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesImageExtractors { /// JMESPath is an optional JMESPath expression to apply to the image value. @@ -6719,7 +7470,7 @@ pub struct PolicyStatusAutogenRulesVerifyImages { #[serde(default, skip_serializing_if = "Option::is_none")] pub subject: Option, /// Type specifies the method of signature validation. The allowed options - /// are Cosign and Notary. By default Cosign is used if a type is not specified. + /// are Cosign, Sigstore Bundle and Notary. By default Cosign is used if a type is not specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, /// UseCache enables caching of image verify responses for this rule. @@ -7348,6 +8099,7 @@ pub struct PolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyStatusAutogenRulesVerifyImagesType { Cosign, + SigstoreBundle, Notary, } diff --git a/kube-custom-resources-rs/src/lib.rs b/kube-custom-resources-rs/src/lib.rs index cf04b4598..5ac19b12c 100644 --- a/kube-custom-resources-rs/src/lib.rs +++ b/kube-custom-resources-rs/src/lib.rs @@ -902,6 +902,7 @@ apiVersion `crd.projectcalico.org/v1`: - `IPReservation` - `KubeControllersConfiguration` - `NetworkSet` +- `Tier` ## data_fluid_io diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/alertmanagers.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/alertmanagers.rs index e25ed7a7c..261e3be4a 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/alertmanagers.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/alertmanagers.rs @@ -41,10 +41,8 @@ pub struct AlertmanagerSpec { pub alertmanager_config_selector: Option, /// alertmanagerConfiguration specifies the configuration of Alertmanager. /// - /// /// If defined, it takes precedence over the `configSecret` field. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertmanagerConfiguration")] @@ -85,13 +83,11 @@ pub struct AlertmanagerSpec { /// Alertmanager object, which contains the configuration for this Alertmanager /// instance. If empty, it defaults to `alertmanager-`. /// - /// /// The Alertmanager configuration should be available under the /// `alertmanager.yaml` key. Additional keys from the original secret are /// copied to the generated secret and mounted into the /// `/etc/alertmanager/config` directory in the `alertmanager` container. /// - /// /// If either the secret or the `alertmanager.yaml` key is missing, the /// operator provisions a minimal Alertmanager configuration with one empty /// receiver (effectively dropping alert notifications). @@ -112,7 +108,6 @@ pub struct AlertmanagerSpec { /// scope of what the maintainers will support and by doing so, you accept /// that this behaviour may break at any time without notice. /// - /// /// It requires Alertmanager >= 0.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFeatures")] pub enable_features: Option>, @@ -180,7 +175,6 @@ pub struct AlertmanagerSpec { pub paused: Option, /// PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. /// - /// /// The following items are reserved and cannot be overridden: /// * "alertmanager" label, set to the name of the Alertmanager instance. /// * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. @@ -474,7 +468,7 @@ pub struct AlertmanagerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -485,7 +479,7 @@ pub struct AlertmanagerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -595,7 +589,7 @@ pub struct AlertmanagerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -606,7 +600,7 @@ pub struct AlertmanagerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -747,7 +741,7 @@ pub struct AlertmanagerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -758,7 +752,7 @@ pub struct AlertmanagerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -868,7 +862,7 @@ pub struct AlertmanagerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -879,7 +873,7 @@ pub struct AlertmanagerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -977,7 +971,6 @@ pub struct AlertmanagerAlertmanagerConfigMatcherStrategy { /// AlertmanagerConfig objects to match alerts in the routes and inhibition /// rules. /// - /// /// The default value is `OnNamespace`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1054,10 +1047,8 @@ pub struct AlertmanagerAlertmanagerConfigSelectorMatchExpressions { /// alertmanagerConfiguration specifies the configuration of Alertmanager. /// -/// /// If defined, it takes precedence over the `configSecret` field. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1143,10 +1134,8 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1161,9 +1150,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigAuthorizationCre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1195,9 +1182,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigBasicAuthPasswor /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1215,9 +1200,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigBasicAuthUsernam /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1237,9 +1220,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigBearerTokenSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1266,21 +1247,18 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -1320,9 +1298,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2ClientIdCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1339,9 +1315,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2ClientIdSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1359,9 +1333,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2ClientSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1378,9 +1350,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2ProxyConne /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1406,13 +1376,11 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2TlsConfig pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1441,9 +1409,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1460,9 +1426,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1490,9 +1454,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1509,9 +1471,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1528,9 +1488,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigOauth2TlsConfigK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1583,13 +1541,11 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1618,9 +1574,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigTlsConfigCaConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1637,9 +1591,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigTlsConfigCaSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1667,9 +1619,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigTlsConfigCertCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1686,9 +1636,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigTlsConfigCertSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1705,9 +1653,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalHttpConfigTlsConfigKeySecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1750,9 +1696,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalOpsGenieApiKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1769,9 +1713,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalOpsGenieApiUrl { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1788,9 +1730,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalSlackApiUrl { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1837,9 +1777,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalSmtpAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1856,9 +1794,7 @@ pub struct AlertmanagerAlertmanagerConfigurationGlobalSmtpAuthSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1895,9 +1831,7 @@ pub struct AlertmanagerAlertmanagerConfigurationTemplatesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1914,9 +1848,7 @@ pub struct AlertmanagerAlertmanagerConfigurationTemplatesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2140,9 +2072,7 @@ pub struct AlertmanagerContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2185,9 +2115,7 @@ pub struct AlertmanagerContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2216,9 +2144,7 @@ pub struct AlertmanagerContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2233,9 +2159,7 @@ pub struct AlertmanagerContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2520,7 +2444,6 @@ pub struct AlertmanagerContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2671,7 +2594,6 @@ pub struct AlertmanagerContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2743,11 +2665,9 @@ pub struct AlertmanagerContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2770,6 +2690,11 @@ pub struct AlertmanagerContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2803,7 +2728,7 @@ pub struct AlertmanagerContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2926,7 +2851,6 @@ pub struct AlertmanagerContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3038,7 +2962,6 @@ pub struct AlertmanagerContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3123,10 +3046,8 @@ pub struct AlertmanagerContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -3134,11 +3055,9 @@ pub struct AlertmanagerContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3183,9 +3102,7 @@ pub struct AlertmanagerImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3406,9 +3323,7 @@ pub struct AlertmanagerInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3451,9 +3366,7 @@ pub struct AlertmanagerInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3482,9 +3395,7 @@ pub struct AlertmanagerInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3499,9 +3410,7 @@ pub struct AlertmanagerInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3786,7 +3695,6 @@ pub struct AlertmanagerInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3937,7 +3845,6 @@ pub struct AlertmanagerInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4009,11 +3916,9 @@ pub struct AlertmanagerInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4036,6 +3941,11 @@ pub struct AlertmanagerInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4069,7 +3979,7 @@ pub struct AlertmanagerInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4192,7 +4102,6 @@ pub struct AlertmanagerInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4304,7 +4213,6 @@ pub struct AlertmanagerInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4389,10 +4297,8 @@ pub struct AlertmanagerInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -4400,11 +4306,9 @@ pub struct AlertmanagerInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4450,7 +4354,6 @@ pub enum AlertmanagerLogLevel { /// PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. /// -/// /// The following items are reserved and cannot be overridden: /// * "alertmanager" label, set to the name of the Alertmanager instance. /// * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. @@ -4488,11 +4391,9 @@ pub struct AlertmanagerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4515,6 +4416,11 @@ pub struct AlertmanagerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext holds pod-level security attributes and common container settings. @@ -4529,12 +4435,10 @@ pub struct AlertmanagerSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -4584,15 +4488,24 @@ pub struct AlertmanagerSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -4660,7 +4573,6 @@ pub struct AlertmanagerSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4765,7 +4677,6 @@ pub struct AlertmanagerStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -4775,11 +4686,9 @@ pub struct AlertmanagerStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -4793,7 +4702,6 @@ pub struct AlertmanagerStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -4803,11 +4711,9 @@ pub struct AlertmanagerStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerStorageEphemeralVolumeClaimTemplate { @@ -4900,7 +4806,7 @@ pub struct AlertmanagerStorageEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -5146,7 +5052,7 @@ pub struct AlertmanagerStorageVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -5284,7 +5190,6 @@ pub struct AlertmanagerStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// ClaimResourceStatus can be in any of following states: /// - ControllerResizeInProgress: /// State set when resize controller starts resizing the volume in control-plane. @@ -5306,13 +5211,11 @@ pub struct AlertmanagerStorageVolumeClaimTemplateStatus { /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" /// When this field is not set, it means that no resize operation is in progress for the given PVC. /// - /// /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] pub allocated_resource_statuses: Option>, @@ -5324,7 +5227,6 @@ pub struct AlertmanagerStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// Capacity reported here may be larger than the actual capacity when a volume expansion operation /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. @@ -5333,13 +5235,11 @@ pub struct AlertmanagerStorageVolumeClaimTemplateStatus { /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. /// - /// /// A controller that receives PVC update with previously unknown resourceName /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -5352,12 +5252,12 @@ pub struct AlertmanagerStorageVolumeClaimTemplateStatus { pub conditions: Option>, /// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVolumeAttributesClassName")] pub current_volume_attributes_class_name: Option, /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "modifyVolumeStatus")] pub modify_volume_status: Option, /// phase represents the current phase of PersistentVolumeClaim. @@ -5367,7 +5267,7 @@ pub struct AlertmanagerStorageVolumeClaimTemplateStatus { /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. -/// This is an alpha field and requires enabling VolumeAttributesClass feature. +/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerStorageVolumeClaimTemplateStatusModifyVolumeStatus { /// status is the status of the ControllerModifyVolume operation. It can be in any of following states: @@ -5433,7 +5333,6 @@ pub struct AlertmanagerTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5467,7 +5366,6 @@ pub struct AlertmanagerTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -5483,7 +5381,6 @@ pub struct AlertmanagerTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5494,7 +5391,6 @@ pub struct AlertmanagerTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5589,10 +5485,8 @@ pub struct AlertmanagerVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5600,11 +5494,9 @@ pub struct AlertmanagerVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5658,7 +5550,6 @@ pub struct AlertmanagerVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5669,17 +5560,14 @@ pub struct AlertmanagerVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5714,11 +5602,24 @@ pub struct AlertmanagerVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5777,7 +5678,6 @@ pub struct AlertmanagerVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5873,9 +5773,7 @@ pub struct AlertmanagerVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5913,9 +5811,7 @@ pub struct AlertmanagerVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5945,9 +5841,7 @@ pub struct AlertmanagerVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6014,9 +5908,7 @@ pub struct AlertmanagerVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6110,7 +6002,6 @@ pub struct AlertmanagerVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6121,17 +6012,14 @@ pub struct AlertmanagerVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6144,7 +6032,6 @@ pub struct AlertmanagerVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6154,11 +6041,9 @@ pub struct AlertmanagerVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -6172,7 +6057,6 @@ pub struct AlertmanagerVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6182,11 +6066,9 @@ pub struct AlertmanagerVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerVolumesEphemeralVolumeClaimTemplate { @@ -6279,7 +6161,7 @@ pub struct AlertmanagerVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -6408,7 +6290,6 @@ pub struct AlertmanagerVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6465,9 +6346,7 @@ pub struct AlertmanagerVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6493,7 +6372,6 @@ pub struct AlertmanagerVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6555,9 +6433,6 @@ pub struct AlertmanagerVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerVolumesHostPath { /// path of the directory on the host. @@ -6571,6 +6446,39 @@ pub struct AlertmanagerVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AlertmanagerVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -6586,7 +6494,6 @@ pub struct AlertmanagerVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6626,9 +6533,7 @@ pub struct AlertmanagerVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6706,25 +6611,24 @@ pub struct AlertmanagerVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6749,14 +6653,11 @@ pub struct AlertmanagerVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6839,9 +6740,7 @@ pub struct AlertmanagerVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6940,9 +6839,7 @@ pub struct AlertmanagerVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7027,7 +6924,6 @@ pub struct AlertmanagerVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7074,9 +6970,7 @@ pub struct AlertmanagerVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7129,9 +7023,7 @@ pub struct AlertmanagerVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7225,9 +7117,7 @@ pub struct AlertmanagerVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7392,9 +7282,7 @@ pub struct AlertmanagerWebTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7411,9 +7299,7 @@ pub struct AlertmanagerWebTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7441,9 +7327,7 @@ pub struct AlertmanagerWebTlsConfigClientCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7460,9 +7344,7 @@ pub struct AlertmanagerWebTlsConfigClientCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7479,9 +7361,7 @@ pub struct AlertmanagerWebTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs index 57620f1f6..afcd1bd82 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs @@ -22,14 +22,12 @@ pub struct PodMonitorSpec { /// `attachMetadata` defines additional metadata which is added to the /// discovered targets. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "attachMetadata")] pub attach_metadata: Option, /// When defined, bodySizeLimit specifies a job level limit on the size /// of uncompressed response body that will be accepted by Prometheus. /// - /// /// It requires Prometheus >= v2.28.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodySizeLimit")] pub body_size_limit: Option, @@ -37,12 +35,10 @@ pub struct PodMonitorSpec { /// `jobLabel` selects the label from the associated Kubernetes `Pod` /// object which will be used as the `job` label for all metrics. /// - /// /// For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` /// object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` /// label to all ingested metrics. /// - /// /// If the value of this field is empty, the `job` label of the metrics /// defaults to the namespace and name of the PodMonitor object (e.g. `/`). #[serde(default, skip_serializing_if = "Option::is_none", rename = "jobLabel")] @@ -50,25 +46,21 @@ pub struct PodMonitorSpec { /// Per-scrape limit on the number of targets dropped by relabeling /// that will be kept in memory. 0 means no limit. /// - /// /// It requires Prometheus >= v2.47.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] pub keep_dropped_targets: Option, /// Per-scrape limit on number of labels that will be accepted for a sample. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelLimit")] pub label_limit: Option, /// Per-scrape limit on length of labels name that will be accepted for a sample. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelNameLengthLimit")] pub label_name_length_limit: Option, /// Per-scrape limit on length of labels value that will be accepted for a sample. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelValueLengthLimit")] pub label_value_length_limit: Option, @@ -93,10 +85,8 @@ pub struct PodMonitorSpec { /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// - /// /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.49.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, @@ -111,14 +101,12 @@ pub struct PodMonitorSpec { /// `attachMetadata` defines additional metadata which is added to the /// discovered targets. /// -/// /// It requires Prometheus >= v2.35.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorAttachMetadata { /// When set to true, Prometheus attaches node metadata to the discovered /// targets. /// - /// /// The Prometheus service account must have the `list` and `watch` /// permissions on the `Nodes` objects. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -145,14 +133,12 @@ pub struct PodMonitorPodMetricsEndpoints { /// `authorization` configures the Authorization header credentials to use when /// scraping the target. /// - /// /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// `basicAuth` configures the Basic Authentication credentials to use when /// scraping the target. /// - /// /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, @@ -160,7 +146,6 @@ pub struct PodMonitorPodMetricsEndpoints { /// token for scraping targets. The secret needs to be in the same namespace /// as the PodMonitor object and readable by the Prometheus Operator. /// - /// /// Deprecated: use `authorization` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenSecret")] pub bearer_token_secret: Option, @@ -170,10 +155,8 @@ pub struct PodMonitorPodMetricsEndpoints { /// When true, the pods which are not running (e.g. either in Failed or /// Succeeded state) are dropped during the target discovery. /// - /// /// If unset, the filtering is enabled. /// - /// /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterRunning")] pub filter_running: Option, @@ -191,7 +174,6 @@ pub struct PodMonitorPodMetricsEndpoints { pub honor_timestamps: Option, /// Interval at which Prometheus scrapes the metrics from the target. /// - /// /// If empty, Prometheus uses the global scrape interval. #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, @@ -201,10 +183,8 @@ pub struct PodMonitorPodMetricsEndpoints { pub metric_relabelings: Option>, /// `oauth2` configures the OAuth2 settings to use when scraping the target. /// - /// /// It requires Prometheus >= 2.27.0. /// - /// /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, @@ -213,13 +193,11 @@ pub struct PodMonitorPodMetricsEndpoints { pub params: Option>, /// HTTP path from which to scrape for metrics. /// - /// /// If empty, Prometheus uses the default value (e.g. `/metrics`). #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Name of the Pod port which this endpoint refers to. /// - /// /// It takes precedence over `targetPort`. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, @@ -230,29 +208,23 @@ pub struct PodMonitorPodMetricsEndpoints { /// `relabelings` configures the relabeling rules to apply the target's /// metadata labels. /// - /// /// The Operator automatically adds relabelings for a few standard Kubernetes fields. /// - /// /// The original scrape job's name is available via the `__tmp_prometheus_job_name` label. /// - /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[serde(default, skip_serializing_if = "Option::is_none")] pub relabelings: Option>, /// HTTP scheme to use for scraping. /// - /// /// `http` and `https` are the expected values unless you rewrite the /// `__scheme__` label via relabeling. /// - /// /// If empty, Prometheus uses the default value `http`. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// Timeout after which Prometheus considers the scrape to be failed. /// - /// /// If empty, Prometheus uses the global scrape timeout unless it is less /// than the target's scrape interval value in which the latter is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeTimeout")] @@ -260,7 +232,6 @@ pub struct PodMonitorPodMetricsEndpoints { /// Name or number of the target port of the `Pod` object behind the Service, the /// port must be specified with container port property. /// - /// /// Deprecated: use 'port' instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, @@ -271,7 +242,6 @@ pub struct PodMonitorPodMetricsEndpoints { /// the metrics that have an explicit timestamp present in scraped data. /// Has no effect if `honorTimestamps` is false. /// - /// /// It requires Prometheus >= v2.48.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "trackTimestampsStaleness")] pub track_timestamps_staleness: Option, @@ -280,7 +250,6 @@ pub struct PodMonitorPodMetricsEndpoints { /// `authorization` configures the Authorization header credentials to use when /// scraping the target. /// -/// /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorPodMetricsEndpointsAuthorization { @@ -289,10 +258,8 @@ pub struct PodMonitorPodMetricsEndpointsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -307,9 +274,7 @@ pub struct PodMonitorPodMetricsEndpointsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -320,7 +285,6 @@ pub struct PodMonitorPodMetricsEndpointsAuthorizationCredentials { /// `basicAuth` configures the Basic Authentication credentials to use when /// scraping the target. /// -/// /// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorPodMetricsEndpointsBasicAuth { @@ -344,9 +308,7 @@ pub struct PodMonitorPodMetricsEndpointsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -364,9 +326,7 @@ pub struct PodMonitorPodMetricsEndpointsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -378,7 +338,6 @@ pub struct PodMonitorPodMetricsEndpointsBasicAuthUsername { /// token for scraping targets. The secret needs to be in the same namespace /// as the PodMonitor object and readable by the Prometheus Operator. /// -/// /// Deprecated: use `authorization` instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorPodMetricsEndpointsBearerTokenSecret { @@ -388,9 +347,7 @@ pub struct PodMonitorPodMetricsEndpointsBearerTokenSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -401,23 +358,19 @@ pub struct PodMonitorPodMetricsEndpointsBearerTokenSecret { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorPodMetricsEndpointsMetricRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -427,7 +380,6 @@ pub struct PodMonitorPodMetricsEndpointsMetricRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -441,11 +393,9 @@ pub struct PodMonitorPodMetricsEndpointsMetricRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -454,7 +404,6 @@ pub struct PodMonitorPodMetricsEndpointsMetricRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PodMonitorPodMetricsEndpointsMetricRelabelingsAction { @@ -500,10 +449,8 @@ pub enum PodMonitorPodMetricsEndpointsMetricRelabelingsAction { /// `oauth2` configures the OAuth2 settings to use when scraping the target. /// -/// /// It requires Prometheus >= 2.27.0. /// -/// /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorPodMetricsEndpointsOauth2 { @@ -523,21 +470,18 @@ pub struct PodMonitorPodMetricsEndpointsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -577,9 +521,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -596,9 +538,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -616,9 +556,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -635,9 +573,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -663,13 +599,11 @@ pub struct PodMonitorPodMetricsEndpointsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -698,9 +632,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -717,9 +649,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -747,9 +677,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -766,9 +694,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -785,9 +711,7 @@ pub struct PodMonitorPodMetricsEndpointsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -826,23 +750,19 @@ pub enum PodMonitorPodMetricsEndpointsOauth2TlsConfigMinVersion { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorPodMetricsEndpointsRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -852,7 +772,6 @@ pub struct PodMonitorPodMetricsEndpointsRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -866,11 +785,9 @@ pub struct PodMonitorPodMetricsEndpointsRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -879,7 +796,6 @@ pub struct PodMonitorPodMetricsEndpointsRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PodMonitorPodMetricsEndpointsRelabelingsAction { @@ -950,13 +866,11 @@ pub struct PodMonitorPodMetricsEndpointsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -985,9 +899,7 @@ pub struct PodMonitorPodMetricsEndpointsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1004,9 +916,7 @@ pub struct PodMonitorPodMetricsEndpointsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1034,9 +944,7 @@ pub struct PodMonitorPodMetricsEndpointsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1053,9 +961,7 @@ pub struct PodMonitorPodMetricsEndpointsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1072,9 +978,7 @@ pub struct PodMonitorPodMetricsEndpointsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs index c8b43b362..057e691d0 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs @@ -40,7 +40,6 @@ pub struct ProbeSpec { /// Per-scrape limit on the number of targets dropped by relabeling /// that will be kept in memory. 0 means no limit. /// - /// /// It requires Prometheus >= v2.47.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] pub keep_dropped_targets: Option, @@ -80,10 +79,8 @@ pub struct ProbeSpec { /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// - /// /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.49.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, @@ -110,10 +107,8 @@ pub struct ProbeAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -128,9 +123,7 @@ pub struct ProbeAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -162,9 +155,7 @@ pub struct ProbeBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -182,9 +173,7 @@ pub struct ProbeBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -203,9 +192,7 @@ pub struct ProbeBearerTokenSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -216,23 +203,19 @@ pub struct ProbeBearerTokenSecret { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProbeMetricRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -242,7 +225,6 @@ pub struct ProbeMetricRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -256,11 +238,9 @@ pub struct ProbeMetricRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -269,7 +249,6 @@ pub struct ProbeMetricRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ProbeMetricRelabelingsAction { @@ -332,21 +311,18 @@ pub struct ProbeOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -386,9 +362,7 @@ pub struct ProbeOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -405,9 +379,7 @@ pub struct ProbeOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -425,9 +397,7 @@ pub struct ProbeOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -444,9 +414,7 @@ pub struct ProbeOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -472,13 +440,11 @@ pub struct ProbeOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -507,9 +473,7 @@ pub struct ProbeOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -526,9 +490,7 @@ pub struct ProbeOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -556,9 +518,7 @@ pub struct ProbeOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -575,9 +535,7 @@ pub struct ProbeOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -594,9 +552,7 @@ pub struct ProbeOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -715,23 +671,19 @@ pub struct ProbeTargetsIngressNamespaceSelector { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProbeTargetsIngressRelabelingConfigs { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -741,7 +693,6 @@ pub struct ProbeTargetsIngressRelabelingConfigs { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -755,11 +706,9 @@ pub struct ProbeTargetsIngressRelabelingConfigs { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -768,7 +717,6 @@ pub struct ProbeTargetsIngressRelabelingConfigs { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ProbeTargetsIngressRelabelingConfigsAction { @@ -864,23 +812,19 @@ pub struct ProbeTargetsStaticConfig { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProbeTargetsStaticConfigRelabelingConfigs { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -890,7 +834,6 @@ pub struct ProbeTargetsStaticConfigRelabelingConfigs { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -904,11 +847,9 @@ pub struct ProbeTargetsStaticConfigRelabelingConfigs { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -917,7 +858,6 @@ pub struct ProbeTargetsStaticConfigRelabelingConfigs { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ProbeTargetsStaticConfigRelabelingConfigsAction { @@ -978,13 +918,11 @@ pub struct ProbeTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1013,9 +951,7 @@ pub struct ProbeTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1032,9 +968,7 @@ pub struct ProbeTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1062,9 +996,7 @@ pub struct ProbeTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1081,9 +1013,7 @@ pub struct ProbeTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1100,9 +1030,7 @@ pub struct ProbeTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs index 75165f577..76ca66d9f 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs @@ -28,13 +28,10 @@ pub struct PrometheusSpec { /// Prometheus Operator. They must be formatted according to the official /// Prometheus documentation: /// - /// /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config /// - /// /// The user is responsible for making sure that the configurations are valid /// - /// /// Note that using this feature may expose the possibility to break /// upgrades of Prometheus. It is advised to review Prometheus release notes /// to ensure that no incompatible AlertManager configs are going to break @@ -47,13 +44,10 @@ pub struct PrometheusSpec { /// Prometheus Operator. They must be formatted according to the official /// Prometheus documentation: /// - /// /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs /// - /// /// The user is responsible for making sure that the configurations are valid /// - /// /// Note that using this feature may expose the possibility to break /// upgrades of Prometheus. It is advised to review Prometheus release notes /// to ensure that no incompatible alert relabel configs are going to break @@ -62,13 +56,11 @@ pub struct PrometheusSpec { pub additional_alert_relabel_configs: Option, /// AdditionalArgs allows setting additional arguments for the 'prometheus' container. /// - /// /// It is intended for e.g. activating hidden flags which are not supported by /// the dedicated configuration options yet. The arguments are passed as-is to the /// Prometheus container which may cause issues if they are invalid or not supported /// by the given Prometheus version. /// - /// /// In case of an argument conflict (e.g. an argument which is already set by the /// operator itself) or when providing an invalid argument, the reconciliation will /// fail and an error will be logged. @@ -96,7 +88,6 @@ pub struct PrometheusSpec { /// AllowOverlappingBlocks enables vertical compaction and vertical query /// merge in Prometheus. /// - /// /// Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowOverlappingBlocks")] pub allow_overlapping_blocks: Option, @@ -122,7 +113,6 @@ pub struct PrometheusSpec { /// AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. /// If the field isn't set, the operator mounts the service account token by default. /// - /// /// **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. /// It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "automountServiceAccountToken")] @@ -133,7 +123,6 @@ pub struct PrometheusSpec { /// BodySizeLimit defines per-scrape on response body size. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodySizeLimit")] @@ -151,13 +140,11 @@ pub struct PrometheusSpec { /// container if they share the same name and modifications are done via a /// strategic merge patch. /// - /// /// The names of containers managed by the operator are: /// * `prometheus` /// * `config-reloader` /// * `thanos-sidecar` /// - /// /// Overriding containers is entirely outside the scope of what the /// maintainers will support and by doing so, you accept that this behaviour /// may break at any time without notice. @@ -168,39 +155,33 @@ pub struct PrometheusSpec { pub disable_compaction: Option, /// Enables access to the Prometheus web admin API. /// - /// /// WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, /// shutdown Prometheus, and more. Enabling this should be done with care and the /// user is advised to add additional authentication authorization via a proxy to /// ensure only clients authorized to perform these actions can do so. /// - /// /// For more information: /// https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableAdminAPI")] pub enable_admin_api: Option, /// Enable access to Prometheus feature flags. By default, no features are enabled. /// - /// /// Enabling features which are disabled by default is entirely outside the /// scope of what the maintainers will support and by doing so, you accept /// that this behaviour may break at any time without notice. /// - /// /// For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFeatures")] pub enable_features: Option>, /// Enable Prometheus to be used as a receiver for the Prometheus remote /// write protocol. /// - /// /// WARNING: This is not considered an efficient way of ingesting samples. /// Use it with caution for specific low-volume use cases. /// It is not suitable for replacing the ingestion via scraping and turning /// Prometheus into a push-based metrics collection system. /// For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver /// - /// /// It requires Prometheus >= v2.33.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRemoteWriteReceiver")] pub enable_remote_write_receiver: Option, @@ -209,10 +190,8 @@ pub struct PrometheusSpec { /// Targets responding with a body larger than this many bytes will cause /// the scrape to fail. /// - /// /// It requires Prometheus >= v2.28.0. /// - /// /// When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -226,10 +205,8 @@ pub struct PrometheusSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is /// greater than zero and less than `spec.enforcedKeepDroppedTargets`. /// - /// /// It requires Prometheus >= v2.47.0. /// - /// /// When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -242,10 +219,8 @@ pub struct PrometheusSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is /// greater than zero and less than `spec.enforcedLabelLimit`. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -258,10 +233,8 @@ pub struct PrometheusSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is /// greater than zero and less than `spec.enforcedLabelNameLengthLimit`. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -274,10 +247,8 @@ pub struct PrometheusSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is /// greater than zero and less than `spec.enforcedLabelValueLengthLimit`. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -287,16 +258,13 @@ pub struct PrometheusSpec { pub enforced_label_value_length_limit: Option, /// When not empty, a label will be added to: /// - /// /// 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. /// 2. All metrics generated from recording rules defined in `PrometheusRule` objects. /// 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. /// 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. /// - /// /// The label will not added for objects referenced in `spec.excludedFromEnforcement`. /// - /// /// The label's name is this field's value. /// The label's value is the namespace of the `ServiceMonitor`, /// `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -308,11 +276,9 @@ pub struct PrometheusSpec { /// unless `spec.sampleLimit` is greater than zero and less than /// `spec.enforcedSampleLimit`. /// - /// /// It is meant to be used by admins to keep the overall number of /// samples/series under a desired limit. /// - /// /// When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -325,11 +291,9 @@ pub struct PrometheusSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is /// greater than zero and less than `spec.enforcedTargetLimit`. /// - /// /// It is meant to be used by admins to to keep the overall number of /// targets under a desired limit. /// - /// /// When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -344,7 +308,6 @@ pub struct PrometheusSpec { /// List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects /// to be excluded from enforcing a namespace label of origin. /// - /// /// It is only applicable if `spec.enforcedNamespaceLabel` set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "excludedFromEnforcement")] pub excluded_from_enforcement: Option>, @@ -369,11 +332,9 @@ pub struct PrometheusSpec { pub host_aliases: Option>, /// Use the host's network namespace if true. /// - /// /// Make sure to understand the security implications if you want to enable /// it (https://kubernetes.io/docs/concepts/configuration/overview/). /// - /// /// When hostNetwork is enabled, this will set the DNS policy to /// `ClusterFirstWithHostNet` automatically. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetwork")] @@ -387,11 +348,9 @@ pub struct PrometheusSpec { /// Container image name for Prometheus. If specified, it takes precedence /// over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. /// - /// /// Specifying `spec.version` is still necessary to ensure the Prometheus /// Operator knows which version of Prometheus is being configured. /// - /// /// If neither `spec.image` nor `spec.baseImage` are defined, the operator /// will use the latest upstream version of Prometheus available at the time /// when the operator was released. @@ -415,11 +374,9 @@ pub struct PrometheusSpec { /// containers if they share the same name and modifications are done via a /// strategic merge patch. /// - /// /// The names of init container name managed by the operator are: /// * `init-config-reloader`. /// - /// /// Overriding init containers is entirely outside the scope of what the /// maintainers will support and by doing so, you accept that this behaviour /// may break at any time without notice. @@ -428,10 +385,8 @@ pub struct PrometheusSpec { /// Per-scrape limit on the number of targets dropped by relabeling /// that will be kept in memory. 0 means no limit. /// - /// /// It requires Prometheus >= v2.47.0. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] @@ -439,7 +394,6 @@ pub struct PrometheusSpec { /// Per-scrape limit on number of labels that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelLimit")] @@ -447,7 +401,6 @@ pub struct PrometheusSpec { /// Per-scrape limit on length of labels name that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelNameLengthLimit")] @@ -455,7 +408,6 @@ pub struct PrometheusSpec { /// Per-scrape limit on length of labels value that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelValueLengthLimit")] @@ -478,7 +430,6 @@ pub struct PrometheusSpec { /// without any of its container crashing for it to be considered available. /// Defaults to 0 (pod will be considered available as soon as it is ready) /// - /// /// This is an alpha field from kubernetes 1.22 until 1.24 which requires /// enabling the StatefulSetMinReadySeconds feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReadySeconds")] @@ -514,7 +465,6 @@ pub struct PrometheusSpec { pub persistent_volume_claim_retention_policy: Option, /// PodMetadata configures labels and annotations which are propagated to the Prometheus pods. /// - /// /// The following items are reserved and cannot be overridden: /// * "prometheus" label, set to the name of the Prometheus object. /// * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -534,7 +484,6 @@ pub struct PrometheusSpec { /// PodMonitors to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -564,7 +513,6 @@ pub struct PrometheusSpec { /// Probes to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -579,7 +527,6 @@ pub struct PrometheusSpec { /// name. The external label will _not_ be added when the field is set to /// the empty string (`""`). /// - /// /// Default: "prometheus" #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusExternalLabelName")] pub prometheus_external_label_name: Option, @@ -594,7 +541,6 @@ pub struct PrometheusSpec { pub query: Option, /// queryLogFile specifies where the file to which PromQL queries are logged. /// - /// /// If the filename has an empty path, e.g. 'query.log', The Prometheus Pods /// will mount the file into an emptyDir volume at `/var/log/prometheus`. /// If a full path is provided, e.g. '/var/log/prometheus/query.log', you @@ -620,7 +566,6 @@ pub struct PrometheusSpec { /// The external label will _not_ be added when the field is set to the /// empty string (`""`). /// - /// /// Default: "prometheus_replica" #[serde(default, skip_serializing_if = "Option::is_none", rename = "replicaExternalLabelName")] pub replica_external_label_name: Option, @@ -628,7 +573,6 @@ pub struct PrometheusSpec { /// `spec.replicas` multiplied by `spec.shards` is the total number of Pods /// created. /// - /// /// Default: 1 #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, @@ -637,7 +581,6 @@ pub struct PrometheusSpec { pub resources: Option, /// How long to retain the Prometheus data. /// - /// /// Default: "24h" if `spec.retention` and `spec.retentionSize` are empty. #[serde(default, skip_serializing_if = "Option::is_none")] pub retention: Option, @@ -646,7 +589,6 @@ pub struct PrometheusSpec { pub retention_size: Option, /// The route prefix Prometheus registers HTTP handlers for. /// - /// /// This is useful when using `spec.externalURL`, and a proxy is rewriting /// HTTP routes of a request, and the actual ExternalURL is still true, but /// the server serves requests under a different route prefix. For example @@ -669,7 +611,6 @@ pub struct PrometheusSpec { /// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sampleLimit")] @@ -677,7 +618,6 @@ pub struct PrometheusSpec { /// List of scrape classes to expose to scraping objects such as /// PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClasses")] @@ -686,14 +626,12 @@ pub struct PrometheusSpec { /// matches all namespaces. A null label selector matches the current /// namespace only. /// - /// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigNamespaceSelector")] pub scrape_config_namespace_selector: Option, /// ScrapeConfigs to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -703,23 +641,19 @@ pub struct PrometheusSpec { /// of the custom resource definition. It is recommended to use /// `spec.additionalScrapeConfigs` instead. /// - /// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigSelector")] pub scrape_config_selector: Option, /// Interval between consecutive scrapes. /// - /// /// Default: "30s" #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeInterval")] pub scrape_interval: Option, /// The protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// - /// /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.49.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, @@ -743,7 +677,6 @@ pub struct PrometheusSpec { /// Defines the service discovery role used to discover targets from /// `ServiceMonitor` objects and Alertmanager endpoints. /// - /// /// If set, the value should be either "Endpoints" or "EndpointSlice". /// If unset, the operator assumes the "Endpoints" role. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceDiscoveryRole")] @@ -756,7 +689,6 @@ pub struct PrometheusSpec { /// ServiceMonitors to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -773,18 +705,15 @@ pub struct PrometheusSpec { /// Number of shards to distribute targets onto. `spec.replicas` /// multiplied by `spec.shards` is the total number of Pods created. /// - /// /// Note that scaling down shards will not reshard data onto remaining /// instances, it must be manually moved. Increasing shards will not reshard /// data either but it will continue to be available from the same /// instances. To query globally, use Thanos sidecar and Thanos querier or /// remote write data to a central location. /// - /// /// Sharding is performed on the content of the `__address__` target meta-label /// for PodMonitors and ServiceMonitors and `__param_target__` for Probes. /// - /// /// Default: 1 #[serde(default, skip_serializing_if = "Option::is_none")] pub shards: Option, @@ -797,7 +726,6 @@ pub struct PrometheusSpec { /// TargetLimit defines a limit on the number of scraped targets that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLimit")] @@ -813,19 +741,17 @@ pub struct PrometheusSpec { pub topology_spread_constraints: Option>, /// TracingConfig configures tracing in Prometheus. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfig")] pub tracing_config: Option, - /// Defines the runtime reloadable configuration of the timeseries database - /// (TSDB). + /// Defines the runtime reloadable configuration of the timeseries database(TSDB). + /// It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub tsdb: Option, /// Version of Prometheus being deployed. The operator uses this information /// to generate the Prometheus StatefulSet + configuration files. /// - /// /// If not specified, the operator assumes the latest upstream version of /// Prometheus available at the time when the version of the operator was /// released. @@ -833,7 +759,6 @@ pub struct PrometheusSpec { pub version: Option, /// VolumeMounts allows the configuration of additional VolumeMounts. /// - /// /// VolumeMounts will be appended to other VolumeMounts in the 'prometheus' /// container, that are generated as a result of StorageSpec objects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] @@ -845,10 +770,8 @@ pub struct PrometheusSpec { pub volumes: Option>, /// Configures compression of the write-ahead log (WAL) using Snappy. /// - /// /// WAL compression is enabled by default for Prometheus >= 2.20.0 /// - /// /// Requires Prometheus v2.11.0 and above. #[serde(default, skip_serializing_if = "Option::is_none", rename = "walCompression")] pub wal_compression: Option, @@ -863,13 +786,10 @@ pub struct PrometheusSpec { /// Prometheus Operator. They must be formatted according to the official /// Prometheus documentation: /// -/// /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config /// -/// /// The user is responsible for making sure that the configurations are valid /// -/// /// Note that using this feature may expose the possibility to break /// upgrades of Prometheus. It is advised to review Prometheus release notes /// to ensure that no incompatible AlertManager configs are going to break @@ -882,9 +802,7 @@ pub struct PrometheusAdditionalAlertManagerConfigs { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -898,13 +816,10 @@ pub struct PrometheusAdditionalAlertManagerConfigs { /// Prometheus Operator. They must be formatted according to the official /// Prometheus documentation: /// -/// /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs /// -/// /// The user is responsible for making sure that the configurations are valid /// -/// /// Note that using this feature may expose the possibility to break /// upgrades of Prometheus. It is advised to review Prometheus release notes /// to ensure that no incompatible alert relabel configs are going to break @@ -917,9 +832,7 @@ pub struct PrometheusAdditionalAlertRelabelConfigs { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -956,9 +869,7 @@ pub struct PrometheusAdditionalScrapeConfigs { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1172,7 +1083,7 @@ pub struct PrometheusAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1183,7 +1094,7 @@ pub struct PrometheusAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1293,7 +1204,7 @@ pub struct PrometheusAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1304,7 +1215,7 @@ pub struct PrometheusAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1445,7 +1356,7 @@ pub struct PrometheusAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1456,7 +1367,7 @@ pub struct PrometheusAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1566,7 +1477,7 @@ pub struct PrometheusAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1577,7 +1488,7 @@ pub struct PrometheusAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1688,22 +1599,18 @@ pub struct PrometheusAlertingAlertmanagers { pub api_version: Option, /// Authorization section for Alertmanager. /// - /// /// Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// BasicAuth configuration for Alertmanager. /// - /// /// Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, /// File to read bearer token for Alertmanager. /// - /// /// Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. /// - /// /// Deprecated: this will be removed in a future release. Prefer using `authorization`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, @@ -1714,7 +1621,6 @@ pub struct PrometheusAlertingAlertmanagers { pub name: String, /// Namespace of the Endpoints object. /// - /// /// If not set, the object will be discovered in the namespace of the /// Prometheus object. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1732,10 +1638,8 @@ pub struct PrometheusAlertingAlertmanagers { pub scheme: Option, /// Sigv4 allows to configures AWS's Signature Verification 4 for the URL. /// - /// /// It requires Prometheus >= v2.48.0. /// - /// /// Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] pub sigv4: Option, @@ -1750,23 +1654,19 @@ pub struct PrometheusAlertingAlertmanagers { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAlertingAlertmanagersAlertRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -1776,7 +1676,6 @@ pub struct PrometheusAlertingAlertmanagersAlertRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -1790,11 +1689,9 @@ pub struct PrometheusAlertingAlertmanagersAlertRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -1803,7 +1700,6 @@ pub struct PrometheusAlertingAlertmanagersAlertRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAlertingAlertmanagersAlertRelabelingsAction { @@ -1849,7 +1745,6 @@ pub enum PrometheusAlertingAlertmanagersAlertRelabelingsAction { /// Authorization section for Alertmanager. /// -/// /// Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAlertingAlertmanagersAuthorization { @@ -1858,10 +1753,8 @@ pub struct PrometheusAlertingAlertmanagersAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1876,9 +1769,7 @@ pub struct PrometheusAlertingAlertmanagersAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1888,7 +1779,6 @@ pub struct PrometheusAlertingAlertmanagersAuthorizationCredentials { /// BasicAuth configuration for Alertmanager. /// -/// /// Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAlertingAlertmanagersBasicAuth { @@ -1912,9 +1802,7 @@ pub struct PrometheusAlertingAlertmanagersBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1932,9 +1820,7 @@ pub struct PrometheusAlertingAlertmanagersBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1945,23 +1831,19 @@ pub struct PrometheusAlertingAlertmanagersBasicAuthUsername { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAlertingAlertmanagersRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -1971,7 +1853,6 @@ pub struct PrometheusAlertingAlertmanagersRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -1985,11 +1866,9 @@ pub struct PrometheusAlertingAlertmanagersRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -1998,7 +1877,6 @@ pub struct PrometheusAlertingAlertmanagersRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAlertingAlertmanagersRelabelingsAction { @@ -2044,10 +1922,8 @@ pub enum PrometheusAlertingAlertmanagersRelabelingsAction { /// Sigv4 allows to configures AWS's Signature Verification 4 for the URL. /// -/// /// It requires Prometheus >= v2.48.0. /// -/// /// Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAlertingAlertmanagersSigv4 { @@ -2080,9 +1956,7 @@ pub struct PrometheusAlertingAlertmanagersSigv4AccessKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2100,9 +1974,7 @@ pub struct PrometheusAlertingAlertmanagersSigv4SecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2136,13 +2008,11 @@ pub struct PrometheusAlertingAlertmanagersTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2171,9 +2041,7 @@ pub struct PrometheusAlertingAlertmanagersTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2190,9 +2058,7 @@ pub struct PrometheusAlertingAlertmanagersTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2220,9 +2086,7 @@ pub struct PrometheusAlertingAlertmanagersTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2239,9 +2103,7 @@ pub struct PrometheusAlertingAlertmanagersTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2258,9 +2120,7 @@ pub struct PrometheusAlertingAlertmanagersTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2303,14 +2163,12 @@ pub enum PrometheusAlertingAlertmanagersTlsConfigMinVersion { pub struct PrometheusApiserverConfig { /// Authorization section for the API server. /// - /// /// Cannot be set at the same time as `basicAuth`, `bearerToken`, or /// `bearerTokenFile`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// BasicAuth configuration for the API server. /// - /// /// Cannot be set at the same time as `authorization`, `bearerToken`, or /// `bearerTokenFile`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] @@ -2318,16 +2176,13 @@ pub struct PrometheusApiserverConfig { /// *Warning: this field shouldn't be used because the token value appears /// in clear-text. Prefer using `authorization`.* /// - /// /// Deprecated: this will be removed in a future release. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, /// File to read bearer token for accessing apiserver. /// - /// /// Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. /// - /// /// Deprecated: this will be removed in a future release. Prefer using `authorization`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, @@ -2341,7 +2196,6 @@ pub struct PrometheusApiserverConfig { /// Authorization section for the API server. /// -/// /// Cannot be set at the same time as `basicAuth`, `bearerToken`, or /// `bearerTokenFile`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2354,10 +2208,8 @@ pub struct PrometheusApiserverConfigAuthorization { pub credentials_file: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2372,9 +2224,7 @@ pub struct PrometheusApiserverConfigAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2384,7 +2234,6 @@ pub struct PrometheusApiserverConfigAuthorizationCredentials { /// BasicAuth configuration for the API server. /// -/// /// Cannot be set at the same time as `authorization`, `bearerToken`, or /// `bearerTokenFile`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2409,9 +2258,7 @@ pub struct PrometheusApiserverConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2429,9 +2276,7 @@ pub struct PrometheusApiserverConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2465,13 +2310,11 @@ pub struct PrometheusApiserverConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2500,9 +2343,7 @@ pub struct PrometheusApiserverConfigTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2519,9 +2360,7 @@ pub struct PrometheusApiserverConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2549,9 +2388,7 @@ pub struct PrometheusApiserverConfigTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2568,9 +2405,7 @@ pub struct PrometheusApiserverConfigTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2587,9 +2422,7 @@ pub struct PrometheusApiserverConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2855,9 +2688,7 @@ pub struct PrometheusContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2900,9 +2731,7 @@ pub struct PrometheusContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2931,9 +2760,7 @@ pub struct PrometheusContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2948,9 +2775,7 @@ pub struct PrometheusContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3235,7 +3060,6 @@ pub struct PrometheusContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3386,7 +3210,6 @@ pub struct PrometheusContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3458,11 +3281,9 @@ pub struct PrometheusContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3485,6 +3306,11 @@ pub struct PrometheusContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -3518,7 +3344,7 @@ pub struct PrometheusContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3641,7 +3467,6 @@ pub struct PrometheusContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3753,7 +3578,6 @@ pub struct PrometheusContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3838,10 +3662,8 @@ pub struct PrometheusContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -3849,11 +3671,9 @@ pub struct PrometheusContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3913,11 +3733,9 @@ pub enum PrometheusExcludedFromEnforcementResource { pub struct PrometheusExemplars { /// Maximum number of exemplars stored in memory for all series. /// - /// /// exemplar-storage itself must be enabled using the `spec.enableFeature` /// option for exemplars to be scraped in the first place. /// - /// /// If not set, Prometheus uses its default value. A value of zero or less /// than zero disables the storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxSize")] @@ -3953,9 +3771,7 @@ pub struct PrometheusImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4176,9 +3992,7 @@ pub struct PrometheusInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4221,9 +4035,7 @@ pub struct PrometheusInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4252,9 +4064,7 @@ pub struct PrometheusInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -4269,9 +4079,7 @@ pub struct PrometheusInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4556,7 +4364,6 @@ pub struct PrometheusInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4707,7 +4514,6 @@ pub struct PrometheusInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4779,11 +4585,9 @@ pub struct PrometheusInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4806,6 +4610,11 @@ pub struct PrometheusInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4839,7 +4648,7 @@ pub struct PrometheusInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4962,7 +4771,6 @@ pub struct PrometheusInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5074,7 +4882,6 @@ pub struct PrometheusInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5159,10 +4966,8 @@ pub struct PrometheusInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5170,11 +4975,9 @@ pub struct PrometheusInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5250,7 +5053,6 @@ pub struct PrometheusPersistentVolumeClaimRetentionPolicy { /// PodMetadata configures labels and annotations which are propagated to the Prometheus pods. /// -/// /// The following items are reserved and cannot be overridden: /// * "prometheus" label, set to the name of the Prometheus object. /// * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -5319,7 +5121,6 @@ pub struct PrometheusPodMonitorNamespaceSelectorMatchExpressions { /// PodMonitors to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -5392,7 +5193,6 @@ pub struct PrometheusProbeNamespaceSelectorMatchExpressions { /// Probes to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -5477,41 +5277,34 @@ pub enum PrometheusReloadStrategy { pub struct PrometheusRemoteRead { /// Authorization section for the URL. /// - /// /// It requires Prometheus >= v2.26.0. /// - /// /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// BasicAuth configuration for the URL. /// - /// /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, /// *Warning: this field shouldn't be used because the token value appears /// in clear-text. Prefer using `authorization`.* /// - /// /// Deprecated: this will be removed in a future release. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, /// File from which to read the bearer token for the URL. /// - /// /// Deprecated: this will be removed in a future release. Prefer using `authorization`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, /// Whether to use the external labels as selectors for the remote read endpoint. /// - /// /// It requires Prometheus >= v2.34.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterExternalLabels")] pub filter_external_labels: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. /// - /// /// It requires Prometheus >= v2.26.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, @@ -5524,7 +5317,6 @@ pub struct PrometheusRemoteRead { /// name is used in metrics and logging in order to differentiate read /// configurations. /// - /// /// It requires Prometheus >= v2.15.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -5532,30 +5324,25 @@ pub struct PrometheusRemoteRead { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// OAuth2 configuration for the URL. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5582,10 +5369,8 @@ pub struct PrometheusRemoteRead { /// Authorization section for the URL. /// -/// /// It requires Prometheus >= v2.26.0. /// -/// /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteReadAuthorization { @@ -5597,10 +5382,8 @@ pub struct PrometheusRemoteReadAuthorization { pub credentials_file: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -5615,9 +5398,7 @@ pub struct PrometheusRemoteReadAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5627,7 +5408,6 @@ pub struct PrometheusRemoteReadAuthorizationCredentials { /// BasicAuth configuration for the URL. /// -/// /// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteReadBasicAuth { @@ -5651,9 +5431,7 @@ pub struct PrometheusRemoteReadBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5671,9 +5449,7 @@ pub struct PrometheusRemoteReadBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5683,10 +5459,8 @@ pub struct PrometheusRemoteReadBasicAuthUsername { /// OAuth2 configuration for the URL. /// -/// /// It requires Prometheus >= v2.27.0. /// -/// /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteReadOauth2 { @@ -5706,21 +5480,18 @@ pub struct PrometheusRemoteReadOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5760,9 +5531,7 @@ pub struct PrometheusRemoteReadOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5779,9 +5548,7 @@ pub struct PrometheusRemoteReadOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5799,9 +5566,7 @@ pub struct PrometheusRemoteReadOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5818,9 +5583,7 @@ pub struct PrometheusRemoteReadOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5846,13 +5609,11 @@ pub struct PrometheusRemoteReadOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5881,9 +5642,7 @@ pub struct PrometheusRemoteReadOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5900,9 +5659,7 @@ pub struct PrometheusRemoteReadOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5930,9 +5687,7 @@ pub struct PrometheusRemoteReadOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5949,9 +5704,7 @@ pub struct PrometheusRemoteReadOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5968,9 +5721,7 @@ pub struct PrometheusRemoteReadOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6015,9 +5766,7 @@ pub struct PrometheusRemoteReadProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6051,13 +5800,11 @@ pub struct PrometheusRemoteReadTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6086,9 +5833,7 @@ pub struct PrometheusRemoteReadTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6105,9 +5850,7 @@ pub struct PrometheusRemoteReadTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6135,9 +5878,7 @@ pub struct PrometheusRemoteReadTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6154,9 +5895,7 @@ pub struct PrometheusRemoteReadTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6173,9 +5912,7 @@ pub struct PrometheusRemoteReadTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6215,38 +5952,31 @@ pub enum PrometheusRemoteReadTlsConfigMinVersion { pub struct PrometheusRemoteWrite { /// Authorization section for the URL. /// - /// /// It requires Prometheus >= v2.26.0. /// - /// /// Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// AzureAD for the URL. /// - /// /// It requires Prometheus >= v2.45.0. /// - /// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureAd")] pub azure_ad: Option, /// BasicAuth configuration for the URL. /// - /// /// Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, /// *Warning: this field shouldn't be used because the token value appears /// in clear-text. Prefer using `authorization`.* /// - /// /// Deprecated: this will be removed in a future release. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, /// File from which to read bearer token for the URL. /// - /// /// Deprecated: this will be removed in a future release. Prefer using `authorization`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, @@ -6255,14 +5985,12 @@ pub struct PrometheusRemoteWrite { pub enable_http2: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. /// - /// /// It requires Prometheus >= v2.26.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, /// Custom HTTP headers to be sent along with each remote write request. /// Be aware that headers that are set by Prometheus itself can't be overwritten. /// - /// /// It requires Prometheus >= v2.25.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, @@ -6272,7 +6000,6 @@ pub struct PrometheusRemoteWrite { /// The name of the remote write queue, it must be unique if specified. The /// name is used in metrics and logging in order to differentiate queues. /// - /// /// It requires Prometheus >= v2.15.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -6280,30 +6007,25 @@ pub struct PrometheusRemoteWrite { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// OAuth2 configuration for the URL. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -6320,23 +6042,19 @@ pub struct PrometheusRemoteWrite { /// exemplar-storage itself must be enabled using the `spec.enableFeature` /// option for exemplars to be scraped in the first place. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendExemplars")] pub send_exemplars: Option, /// Enables sending of native histograms, also known as sparse histograms /// over remote write. /// - /// /// It requires Prometheus >= v2.40.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendNativeHistograms")] pub send_native_histograms: Option, /// Sigv4 allows to configures AWS's Signature Verification 4 for the URL. /// - /// /// It requires Prometheus >= v2.26.0. /// - /// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub sigv4: Option, @@ -6352,10 +6070,8 @@ pub struct PrometheusRemoteWrite { /// Authorization section for the URL. /// -/// /// It requires Prometheus >= v2.26.0. /// -/// /// Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteAuthorization { @@ -6367,10 +6083,8 @@ pub struct PrometheusRemoteWriteAuthorization { pub credentials_file: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -6385,9 +6099,7 @@ pub struct PrometheusRemoteWriteAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6397,10 +6109,8 @@ pub struct PrometheusRemoteWriteAuthorizationCredentials { /// AzureAD for the URL. /// -/// /// It requires Prometheus >= v2.45.0. /// -/// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteAzureAd { @@ -6414,7 +6124,6 @@ pub struct PrometheusRemoteWriteAzureAd { /// OAuth defines the oauth config that is being used to authenticate. /// Cannot be set at the same time as `managedIdentity` or `sdk`. /// - /// /// It requires Prometheus >= v2.48.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth: Option, @@ -6422,7 +6131,6 @@ pub struct PrometheusRemoteWriteAzureAd { /// See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication /// Cannot be set at the same time as `oauth` or `managedIdentity`. /// - /// /// It requires Prometheus >= 2.52.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub sdk: Option, @@ -6430,10 +6138,8 @@ pub struct PrometheusRemoteWriteAzureAd { /// AzureAD for the URL. /// -/// /// It requires Prometheus >= v2.45.0. /// -/// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusRemoteWriteAzureAdCloud { @@ -6454,7 +6160,6 @@ pub struct PrometheusRemoteWriteAzureAdManagedIdentity { /// OAuth defines the oauth config that is being used to authenticate. /// Cannot be set at the same time as `managedIdentity` or `sdk`. /// -/// /// It requires Prometheus >= v2.48.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteAzureAdOauth { @@ -6478,9 +6183,7 @@ pub struct PrometheusRemoteWriteAzureAdOauthClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6492,7 +6195,6 @@ pub struct PrometheusRemoteWriteAzureAdOauthClientSecret { /// See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication /// Cannot be set at the same time as `oauth` or `managedIdentity`. /// -/// /// It requires Prometheus >= 2.52.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteAzureAdSdk { @@ -6503,7 +6205,6 @@ pub struct PrometheusRemoteWriteAzureAdSdk { /// BasicAuth configuration for the URL. /// -/// /// Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteBasicAuth { @@ -6527,9 +6228,7 @@ pub struct PrometheusRemoteWriteBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6547,9 +6246,7 @@ pub struct PrometheusRemoteWriteBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6570,10 +6267,8 @@ pub struct PrometheusRemoteWriteMetadataConfig { /// OAuth2 configuration for the URL. /// -/// /// It requires Prometheus >= v2.27.0. /// -/// /// Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteOauth2 { @@ -6593,21 +6288,18 @@ pub struct PrometheusRemoteWriteOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -6647,9 +6339,7 @@ pub struct PrometheusRemoteWriteOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6666,9 +6356,7 @@ pub struct PrometheusRemoteWriteOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6686,9 +6374,7 @@ pub struct PrometheusRemoteWriteOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6705,9 +6391,7 @@ pub struct PrometheusRemoteWriteOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6733,13 +6417,11 @@ pub struct PrometheusRemoteWriteOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6768,9 +6450,7 @@ pub struct PrometheusRemoteWriteOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6787,9 +6467,7 @@ pub struct PrometheusRemoteWriteOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6817,9 +6495,7 @@ pub struct PrometheusRemoteWriteOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6836,9 +6512,7 @@ pub struct PrometheusRemoteWriteOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6855,9 +6529,7 @@ pub struct PrometheusRemoteWriteOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6902,9 +6574,7 @@ pub struct PrometheusRemoteWriteProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6942,7 +6612,6 @@ pub struct PrometheusRemoteWriteQueueConfig { pub min_shards: Option, /// Retry upon receiving a 429 status code from the remote-write storage. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryOnRateLimit")] @@ -6955,10 +6624,8 @@ pub struct PrometheusRemoteWriteQueueConfig { /// Sigv4 allows to configures AWS's Signature Verification 4 for the URL. /// -/// /// It requires Prometheus >= v2.26.0. /// -/// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteSigv4 { @@ -6991,9 +6658,7 @@ pub struct PrometheusRemoteWriteSigv4AccessKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7011,9 +6676,7 @@ pub struct PrometheusRemoteWriteSigv4SecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7047,13 +6710,11 @@ pub struct PrometheusRemoteWriteTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7082,9 +6743,7 @@ pub struct PrometheusRemoteWriteTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7101,9 +6760,7 @@ pub struct PrometheusRemoteWriteTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7131,9 +6788,7 @@ pub struct PrometheusRemoteWriteTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7150,9 +6805,7 @@ pub struct PrometheusRemoteWriteTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7169,9 +6822,7 @@ pub struct PrometheusRemoteWriteTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7208,23 +6859,19 @@ pub enum PrometheusRemoteWriteTlsConfigMinVersion { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteWriteRelabelConfigs { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -7234,7 +6881,6 @@ pub struct PrometheusRemoteWriteWriteRelabelConfigs { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -7248,11 +6894,9 @@ pub struct PrometheusRemoteWriteWriteRelabelConfigs { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -7261,7 +6905,6 @@ pub struct PrometheusRemoteWriteWriteRelabelConfigs { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusRemoteWriteWriteRelabelConfigsAction { @@ -7311,11 +6954,9 @@ pub struct PrometheusResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -7338,6 +6979,11 @@ pub struct PrometheusResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Namespaces to match for PrometheusRule discovery. An empty label selector @@ -7409,7 +7055,6 @@ pub struct PrometheusRuleSelectorMatchExpressions { pub struct PrometheusRules { /// Defines the parameters of the Prometheus rules' engine. /// - /// /// Any update to these parameters trigger a restart of the pods. #[serde(default, skip_serializing_if = "Option::is_none")] pub alert: Option, @@ -7417,13 +7062,11 @@ pub struct PrometheusRules { /// Defines the parameters of the Prometheus rules' engine. /// -/// /// Any update to these parameters trigger a restart of the pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRulesAlert { /// Minimum duration between alert and restored 'for' state. /// - /// /// This is maintained only for alerts with a configured 'for' time greater /// than the grace period. #[serde(default, skip_serializing_if = "Option::is_none", rename = "forGracePeriod")] @@ -7448,18 +7091,15 @@ pub struct PrometheusScrapeClasses { /// Default indicates that the scrape applies to all scrape objects that /// don't configure an explicit scrape class name. /// - /// /// Only one scrape class can be set as the default. #[serde(default, skip_serializing_if = "Option::is_none")] pub default: Option, /// MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. /// - /// /// The Operator adds the scrape class metric relabelings defined here. /// Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. /// Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. /// - /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricRelabelings")] pub metric_relabelings: Option>, @@ -7467,13 +7107,11 @@ pub struct PrometheusScrapeClasses { pub name: String, /// Relabelings configures the relabeling rules to apply to all scrape targets. /// - /// /// The Operator automatically adds relabelings for a few standard Kubernetes fields /// like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. /// Then the Operator adds the scrape class relabelings defined here. /// Then the Operator adds the target-specific relabelings defined in the scrape object. /// - /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[serde(default, skip_serializing_if = "Option::is_none")] pub relabelings: Option>, @@ -7481,7 +7119,6 @@ pub struct PrometheusScrapeClasses { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// - /// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -7495,7 +7132,6 @@ pub struct PrometheusScrapeClassesAttachMetadata { /// When set to true, Prometheus attaches node metadata to the discovered /// targets. /// - /// /// The Prometheus service account must have the `list` and `watch` /// permissions on the `Nodes` objects. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -7505,23 +7141,19 @@ pub struct PrometheusScrapeClassesAttachMetadata { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusScrapeClassesMetricRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -7531,7 +7163,6 @@ pub struct PrometheusScrapeClassesMetricRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -7545,11 +7176,9 @@ pub struct PrometheusScrapeClassesMetricRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -7558,7 +7187,6 @@ pub struct PrometheusScrapeClassesMetricRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusScrapeClassesMetricRelabelingsAction { @@ -7605,23 +7233,19 @@ pub enum PrometheusScrapeClassesMetricRelabelingsAction { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusScrapeClassesRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -7631,7 +7255,6 @@ pub struct PrometheusScrapeClassesRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -7645,11 +7268,9 @@ pub struct PrometheusScrapeClassesRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -7658,7 +7279,6 @@ pub struct PrometheusScrapeClassesRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusScrapeClassesRelabelingsAction { @@ -7706,7 +7326,6 @@ pub enum PrometheusScrapeClassesRelabelingsAction { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// -/// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusScrapeClassesTlsConfig { @@ -7733,13 +7352,11 @@ pub struct PrometheusScrapeClassesTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7768,9 +7385,7 @@ pub struct PrometheusScrapeClassesTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7787,9 +7402,7 @@ pub struct PrometheusScrapeClassesTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7817,9 +7430,7 @@ pub struct PrometheusScrapeClassesTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7836,9 +7447,7 @@ pub struct PrometheusScrapeClassesTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7855,9 +7464,7 @@ pub struct PrometheusScrapeClassesTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7869,7 +7476,6 @@ pub struct PrometheusScrapeClassesTlsConfigKeySecret { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// -/// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusScrapeClassesTlsConfigMaxVersion { @@ -7887,7 +7493,6 @@ pub enum PrometheusScrapeClassesTlsConfigMaxVersion { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// -/// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusScrapeClassesTlsConfigMinVersion { @@ -7905,7 +7510,6 @@ pub enum PrometheusScrapeClassesTlsConfigMinVersion { /// matches all namespaces. A null label selector matches the current /// namespace only. /// -/// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusScrapeConfigNamespaceSelector { @@ -7939,7 +7543,6 @@ pub struct PrometheusScrapeConfigNamespaceSelectorMatchExpressions { /// ScrapeConfigs to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -7949,7 +7552,6 @@ pub struct PrometheusScrapeConfigNamespaceSelectorMatchExpressions { /// of the custom resource definition. It is recommended to use /// `spec.additionalScrapeConfigs` instead. /// -/// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusScrapeConfigSelector { @@ -7992,12 +7594,10 @@ pub struct PrometheusSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -8047,15 +7647,24 @@ pub struct PrometheusSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -8123,7 +7732,6 @@ pub struct PrometheusSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -8211,7 +7819,6 @@ pub struct PrometheusServiceMonitorNamespaceSelectorMatchExpressions { /// ServiceMonitors to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -8308,7 +7915,6 @@ pub struct PrometheusStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -8318,11 +7924,9 @@ pub struct PrometheusStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -8336,7 +7940,6 @@ pub struct PrometheusStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -8346,11 +7949,9 @@ pub struct PrometheusStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusStorageEphemeralVolumeClaimTemplate { @@ -8443,7 +8044,7 @@ pub struct PrometheusStorageEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -8689,7 +8290,7 @@ pub struct PrometheusStorageVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -8827,7 +8428,6 @@ pub struct PrometheusStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// ClaimResourceStatus can be in any of following states: /// - ControllerResizeInProgress: /// State set when resize controller starts resizing the volume in control-plane. @@ -8849,13 +8449,11 @@ pub struct PrometheusStorageVolumeClaimTemplateStatus { /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" /// When this field is not set, it means that no resize operation is in progress for the given PVC. /// - /// /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] pub allocated_resource_statuses: Option>, @@ -8867,7 +8465,6 @@ pub struct PrometheusStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// Capacity reported here may be larger than the actual capacity when a volume expansion operation /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. @@ -8876,13 +8473,11 @@ pub struct PrometheusStorageVolumeClaimTemplateStatus { /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. /// - /// /// A controller that receives PVC update with previously unknown resourceName /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -8895,12 +8490,12 @@ pub struct PrometheusStorageVolumeClaimTemplateStatus { pub conditions: Option>, /// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVolumeAttributesClassName")] pub current_volume_attributes_class_name: Option, /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "modifyVolumeStatus")] pub modify_volume_status: Option, /// phase represents the current phase of PersistentVolumeClaim. @@ -8910,7 +8505,7 @@ pub struct PrometheusStorageVolumeClaimTemplateStatus { /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. -/// This is an alpha field and requires enabling VolumeAttributesClass feature. +/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusStorageVolumeClaimTemplateStatusModifyVolumeStatus { /// status is the status of the ControllerModifyVolume operation. It can be in any of following states: @@ -8946,7 +8541,6 @@ pub struct PrometheusThanos { /// BlockDuration controls the size of TSDB blocks produced by Prometheus. /// The default value is 2h to match the upstream Prometheus defaults. /// - /// /// WARNING: Changing the block duration can impact the performance and /// efficiency of the entire Prometheus/Thanos stack due to how it interacts /// with memory and Thanos compactors. It is recommended to keep this value @@ -8963,20 +8557,17 @@ pub struct PrometheusThanos { /// When true, the Thanos sidecar listens on the loopback interface instead /// of the Pod IP's address for the gRPC endpoints. /// - /// /// It has no effect if `listenLocal` is true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "grpcListenLocal")] pub grpc_listen_local: Option, /// Configures the TLS parameters for the gRPC server providing the StoreAPI. /// - /// /// Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "grpcServerTlsConfig")] pub grpc_server_tls_config: Option, /// When true, the Thanos sidecar listens on the loopback interface instead /// of the Pod IP's address for the HTTP endpoints. /// - /// /// It has no effect if `listenLocal` is true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpListenLocal")] pub http_listen_local: Option, @@ -8984,11 +8575,9 @@ pub struct PrometheusThanos { /// the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha` /// fields. /// - /// /// Specifying `spec.thanos.version` is still necessary to ensure the /// Prometheus Operator knows which version of Thanos is being configured. /// - /// /// If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined, /// the operator will use the latest upstream version of Thanos available at /// the time when the operator was released. @@ -9011,19 +8600,15 @@ pub struct PrometheusThanos { pub min_time: Option, /// Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. /// - /// /// More info: https://thanos.io/tip/thanos/storage.md/ /// - /// /// objectStorageConfigFile takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStorageConfig")] pub object_storage_config: Option, /// Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. /// - /// /// More info: https://thanos.io/tip/thanos/storage.md/ /// - /// /// This field takes precedence over objectStorageConfig. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStorageConfigFile")] pub object_storage_config_file: Option, @@ -9042,26 +8627,20 @@ pub struct PrometheusThanos { pub tag: Option, /// Defines the tracing configuration for the Thanos sidecar. /// - /// /// `tracingConfigFile` takes precedence over this field. /// - /// /// More info: https://thanos.io/tip/thanos/tracing.md/ /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfig")] pub tracing_config: Option, /// Defines the tracing configuration file for the Thanos sidecar. /// - /// /// This field takes precedence over `tracingConfig`. /// - /// /// More info: https://thanos.io/tip/thanos/tracing.md/ /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfigFile")] @@ -9069,7 +8648,6 @@ pub struct PrometheusThanos { /// Version of Thanos being deployed. The operator uses this information /// to generate the Prometheus StatefulSet + configuration files. /// - /// /// If not specified, the operator assumes the latest upstream release of /// Thanos available at the time when the version of the operator was /// released. @@ -9094,7 +8672,6 @@ pub struct PrometheusThanosAdditionalArgs { /// Configures the TLS parameters for the gRPC server providing the StoreAPI. /// -/// /// Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusThanosGrpcServerTlsConfig { @@ -9121,13 +8698,11 @@ pub struct PrometheusThanosGrpcServerTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -9156,9 +8731,7 @@ pub struct PrometheusThanosGrpcServerTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9175,9 +8748,7 @@ pub struct PrometheusThanosGrpcServerTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9205,9 +8776,7 @@ pub struct PrometheusThanosGrpcServerTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9224,9 +8793,7 @@ pub struct PrometheusThanosGrpcServerTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9243,9 +8810,7 @@ pub struct PrometheusThanosGrpcServerTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9255,7 +8820,6 @@ pub struct PrometheusThanosGrpcServerTlsConfigKeySecret { /// Configures the TLS parameters for the gRPC server providing the StoreAPI. /// -/// /// Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusThanosGrpcServerTlsConfigMaxVersion { @@ -9271,7 +8835,6 @@ pub enum PrometheusThanosGrpcServerTlsConfigMaxVersion { /// Configures the TLS parameters for the gRPC server providing the StoreAPI. /// -/// /// Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusThanosGrpcServerTlsConfigMinVersion { @@ -9313,10 +8876,8 @@ pub enum PrometheusThanosLogLevel { /// Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. /// -/// /// More info: https://thanos.io/tip/thanos/storage.md/ /// -/// /// objectStorageConfigFile takes precedence over this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusThanosObjectStorageConfig { @@ -9326,9 +8887,7 @@ pub struct PrometheusThanosObjectStorageConfig { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9342,11 +8901,9 @@ pub struct PrometheusThanosResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -9369,17 +8926,19 @@ pub struct PrometheusThanosResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Defines the tracing configuration for the Thanos sidecar. /// -/// /// `tracingConfigFile` takes precedence over this field. /// -/// /// More info: https://thanos.io/tip/thanos/tracing.md/ /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -9390,9 +8949,7 @@ pub struct PrometheusThanosTracingConfig { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9424,10 +8981,8 @@ pub struct PrometheusThanosVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -9435,11 +8990,9 @@ pub struct PrometheusThanosVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -9504,7 +9057,6 @@ pub struct PrometheusTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -9538,7 +9090,6 @@ pub struct PrometheusTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -9554,7 +9105,6 @@ pub struct PrometheusTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -9565,7 +9115,6 @@ pub struct PrometheusTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -9644,7 +9193,6 @@ pub struct PrometheusTopologySpreadConstraintsLabelSelectorMatchExpressions { /// TracingConfig configures tracing in Prometheus. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -9676,7 +9224,6 @@ pub struct PrometheusTracingConfig { /// TracingConfig configures tracing in Prometheus. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] @@ -9689,7 +9236,6 @@ pub enum PrometheusTracingConfigClientType { /// TracingConfig configures tracing in Prometheus. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] @@ -9724,13 +9270,11 @@ pub struct PrometheusTracingConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -9759,9 +9303,7 @@ pub struct PrometheusTracingConfigTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9778,9 +9320,7 @@ pub struct PrometheusTracingConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9808,9 +9348,7 @@ pub struct PrometheusTracingConfigTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9827,9 +9365,7 @@ pub struct PrometheusTracingConfigTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9846,9 +9382,7 @@ pub struct PrometheusTracingConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9882,23 +9416,20 @@ pub enum PrometheusTracingConfigTlsConfigMinVersion { Tls13, } -/// Defines the runtime reloadable configuration of the timeseries database -/// (TSDB). +/// Defines the runtime reloadable configuration of the timeseries database(TSDB). +/// It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusTsdb { /// Configures how old an out-of-order/out-of-bounds sample can be with /// respect to the TSDB max time. /// - /// /// An out-of-order/out-of-bounds sample is ingested into the TSDB as long as /// the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. /// - /// - /// It requires Prometheus >= v2.39.0. + /// It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "outOfOrderTimeWindow")] pub out_of_order_time_window: Option, } @@ -9927,10 +9458,8 @@ pub struct PrometheusVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -9938,11 +9467,9 @@ pub struct PrometheusVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -9996,7 +9523,6 @@ pub struct PrometheusVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -10007,17 +9533,14 @@ pub struct PrometheusVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -10052,11 +9575,24 @@ pub struct PrometheusVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -10115,7 +9651,6 @@ pub struct PrometheusVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -10211,9 +9746,7 @@ pub struct PrometheusVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10251,9 +9784,7 @@ pub struct PrometheusVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10283,9 +9814,7 @@ pub struct PrometheusVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -10352,9 +9881,7 @@ pub struct PrometheusVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10448,7 +9975,6 @@ pub struct PrometheusVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -10459,17 +9985,14 @@ pub struct PrometheusVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -10482,7 +10005,6 @@ pub struct PrometheusVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -10492,11 +10014,9 @@ pub struct PrometheusVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -10510,7 +10030,6 @@ pub struct PrometheusVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -10520,11 +10039,9 @@ pub struct PrometheusVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusVolumesEphemeralVolumeClaimTemplate { @@ -10617,7 +10134,7 @@ pub struct PrometheusVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -10746,7 +10263,6 @@ pub struct PrometheusVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -10803,9 +10319,7 @@ pub struct PrometheusVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10831,7 +10345,6 @@ pub struct PrometheusVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -10893,9 +10406,6 @@ pub struct PrometheusVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusVolumesHostPath { /// path of the directory on the host. @@ -10909,6 +10419,39 @@ pub struct PrometheusVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -10924,7 +10467,6 @@ pub struct PrometheusVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -10964,9 +10506,7 @@ pub struct PrometheusVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11044,25 +10584,24 @@ pub struct PrometheusVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -11087,14 +10626,11 @@ pub struct PrometheusVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -11177,9 +10713,7 @@ pub struct PrometheusVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -11278,9 +10812,7 @@ pub struct PrometheusVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -11365,7 +10897,6 @@ pub struct PrometheusVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -11412,9 +10943,7 @@ pub struct PrometheusVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11467,9 +10996,7 @@ pub struct PrometheusVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11563,9 +11090,7 @@ pub struct PrometheusVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -11729,9 +11254,7 @@ pub struct PrometheusWebTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -11748,9 +11271,7 @@ pub struct PrometheusWebTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -11778,9 +11299,7 @@ pub struct PrometheusWebTlsConfigClientCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -11797,9 +11316,7 @@ pub struct PrometheusWebTlsConfigClientCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -11816,9 +11333,7 @@ pub struct PrometheusWebTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs index 5efe49d5e..7177b21fd 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs @@ -23,14 +23,12 @@ pub struct ServiceMonitorSpec { /// `attachMetadata` defines additional metadata which is added to the /// discovered targets. /// - /// /// It requires Prometheus >= v2.37.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "attachMetadata")] pub attach_metadata: Option, /// When defined, bodySizeLimit specifies a job level limit on the size /// of uncompressed response body that will be accepted by Prometheus. /// - /// /// It requires Prometheus >= v2.28.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodySizeLimit")] pub body_size_limit: Option, @@ -41,12 +39,10 @@ pub struct ServiceMonitorSpec { /// `jobLabel` selects the label from the associated Kubernetes `Service` /// object which will be used as the `job` label for all metrics. /// - /// /// For example if `jobLabel` is set to `foo` and the Kubernetes `Service` /// object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` /// label to all ingested metrics. /// - /// /// If the value of this field is empty or if the label doesn't exist for /// the given Service, the `job` label of the metrics defaults to the name /// of the associated Kubernetes `Service`. @@ -55,25 +51,21 @@ pub struct ServiceMonitorSpec { /// Per-scrape limit on the number of targets dropped by relabeling /// that will be kept in memory. 0 means no limit. /// - /// /// It requires Prometheus >= v2.47.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] pub keep_dropped_targets: Option, /// Per-scrape limit on number of labels that will be accepted for a sample. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelLimit")] pub label_limit: Option, /// Per-scrape limit on length of labels name that will be accepted for a sample. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelNameLengthLimit")] pub label_name_length_limit: Option, /// Per-scrape limit on length of labels value that will be accepted for a sample. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelValueLengthLimit")] pub label_value_length_limit: Option, @@ -95,10 +87,8 @@ pub struct ServiceMonitorSpec { /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// - /// /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.49.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, @@ -117,14 +107,12 @@ pub struct ServiceMonitorSpec { /// `attachMetadata` defines additional metadata which is added to the /// discovered targets. /// -/// /// It requires Prometheus >= v2.37.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorAttachMetadata { /// When set to true, Prometheus attaches node metadata to the discovered /// targets. /// - /// /// The Prometheus service account must have the `list` and `watch` /// permissions on the `Nodes` objects. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -138,20 +126,17 @@ pub struct ServiceMonitorEndpoints { /// `authorization` configures the Authorization header credentials to use when /// scraping the target. /// - /// /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// `basicAuth` configures the Basic Authentication credentials to use when /// scraping the target. /// - /// /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, /// File to read bearer token for scraping the target. /// - /// /// Deprecated: use `authorization` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, @@ -159,7 +144,6 @@ pub struct ServiceMonitorEndpoints { /// token for scraping targets. The secret needs to be in the same namespace /// as the ServiceMonitor object and readable by the Prometheus Operator. /// - /// /// Deprecated: use `authorization` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenSecret")] pub bearer_token_secret: Option, @@ -169,10 +153,8 @@ pub struct ServiceMonitorEndpoints { /// When true, the pods which are not running (e.g. either in Failed or /// Succeeded state) are dropped during the target discovery. /// - /// /// If unset, the filtering is enabled. /// - /// /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterRunning")] pub filter_running: Option, @@ -190,7 +172,6 @@ pub struct ServiceMonitorEndpoints { pub honor_timestamps: Option, /// Interval at which Prometheus scrapes the metrics from the target. /// - /// /// If empty, Prometheus uses the global scrape interval. #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, @@ -200,10 +181,8 @@ pub struct ServiceMonitorEndpoints { pub metric_relabelings: Option>, /// `oauth2` configures the OAuth2 settings to use when scraping the target. /// - /// /// It requires Prometheus >= 2.27.0. /// - /// /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, @@ -212,13 +191,11 @@ pub struct ServiceMonitorEndpoints { pub params: Option>, /// HTTP path from which to scrape for metrics. /// - /// /// If empty, Prometheus uses the default value (e.g. `/metrics`). #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Name of the Service port which this endpoint refers to. /// - /// /// It takes precedence over `targetPort`. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, @@ -229,29 +206,23 @@ pub struct ServiceMonitorEndpoints { /// `relabelings` configures the relabeling rules to apply the target's /// metadata labels. /// - /// /// The Operator automatically adds relabelings for a few standard Kubernetes fields. /// - /// /// The original scrape job's name is available via the `__tmp_prometheus_job_name` label. /// - /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[serde(default, skip_serializing_if = "Option::is_none")] pub relabelings: Option>, /// HTTP scheme to use for scraping. /// - /// /// `http` and `https` are the expected values unless you rewrite the /// `__scheme__` label via relabeling. /// - /// /// If empty, Prometheus uses the default value `http`. #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// Timeout after which Prometheus considers the scrape to be failed. /// - /// /// If empty, Prometheus uses the global scrape timeout unless it is less /// than the target's scrape interval value in which the latter is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeTimeout")] @@ -267,7 +238,6 @@ pub struct ServiceMonitorEndpoints { /// the metrics that have an explicit timestamp present in scraped data. /// Has no effect if `honorTimestamps` is false. /// - /// /// It requires Prometheus >= v2.48.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "trackTimestampsStaleness")] pub track_timestamps_staleness: Option, @@ -276,7 +246,6 @@ pub struct ServiceMonitorEndpoints { /// `authorization` configures the Authorization header credentials to use when /// scraping the target. /// -/// /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorEndpointsAuthorization { @@ -285,10 +254,8 @@ pub struct ServiceMonitorEndpointsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -303,9 +270,7 @@ pub struct ServiceMonitorEndpointsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -316,7 +281,6 @@ pub struct ServiceMonitorEndpointsAuthorizationCredentials { /// `basicAuth` configures the Basic Authentication credentials to use when /// scraping the target. /// -/// /// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorEndpointsBasicAuth { @@ -340,9 +304,7 @@ pub struct ServiceMonitorEndpointsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -360,9 +322,7 @@ pub struct ServiceMonitorEndpointsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -374,7 +334,6 @@ pub struct ServiceMonitorEndpointsBasicAuthUsername { /// token for scraping targets. The secret needs to be in the same namespace /// as the ServiceMonitor object and readable by the Prometheus Operator. /// -/// /// Deprecated: use `authorization` instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorEndpointsBearerTokenSecret { @@ -384,9 +343,7 @@ pub struct ServiceMonitorEndpointsBearerTokenSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -397,23 +354,19 @@ pub struct ServiceMonitorEndpointsBearerTokenSecret { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorEndpointsMetricRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -423,7 +376,6 @@ pub struct ServiceMonitorEndpointsMetricRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -437,11 +389,9 @@ pub struct ServiceMonitorEndpointsMetricRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -450,7 +400,6 @@ pub struct ServiceMonitorEndpointsMetricRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ServiceMonitorEndpointsMetricRelabelingsAction { @@ -496,10 +445,8 @@ pub enum ServiceMonitorEndpointsMetricRelabelingsAction { /// `oauth2` configures the OAuth2 settings to use when scraping the target. /// -/// /// It requires Prometheus >= 2.27.0. /// -/// /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorEndpointsOauth2 { @@ -519,21 +466,18 @@ pub struct ServiceMonitorEndpointsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -573,9 +517,7 @@ pub struct ServiceMonitorEndpointsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -592,9 +534,7 @@ pub struct ServiceMonitorEndpointsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -612,9 +552,7 @@ pub struct ServiceMonitorEndpointsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -631,9 +569,7 @@ pub struct ServiceMonitorEndpointsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -659,13 +595,11 @@ pub struct ServiceMonitorEndpointsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -694,9 +628,7 @@ pub struct ServiceMonitorEndpointsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -713,9 +645,7 @@ pub struct ServiceMonitorEndpointsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -743,9 +673,7 @@ pub struct ServiceMonitorEndpointsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -762,9 +690,7 @@ pub struct ServiceMonitorEndpointsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -781,9 +707,7 @@ pub struct ServiceMonitorEndpointsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -822,23 +746,19 @@ pub enum ServiceMonitorEndpointsOauth2TlsConfigMinVersion { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorEndpointsRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -848,7 +768,6 @@ pub struct ServiceMonitorEndpointsRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -862,11 +781,9 @@ pub struct ServiceMonitorEndpointsRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -875,7 +792,6 @@ pub struct ServiceMonitorEndpointsRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ServiceMonitorEndpointsRelabelingsAction { @@ -955,13 +871,11 @@ pub struct ServiceMonitorEndpointsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -990,9 +904,7 @@ pub struct ServiceMonitorEndpointsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1009,9 +921,7 @@ pub struct ServiceMonitorEndpointsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1039,9 +949,7 @@ pub struct ServiceMonitorEndpointsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1058,9 +966,7 @@ pub struct ServiceMonitorEndpointsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1077,9 +983,7 @@ pub struct ServiceMonitorEndpointsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs index 25c9d1fd8..5c8b54ed8 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs @@ -158,7 +158,6 @@ pub struct ThanosRulerSpec { pub paused: Option, /// PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. /// - /// /// The following items are reserved and cannot be overridden: /// * "app.kubernetes.io/name" label, set to "thanos-ruler". /// * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". @@ -231,20 +230,16 @@ pub struct ThanosRulerSpec { pub topology_spread_constraints: Option>, /// TracingConfig configures tracing in Thanos. /// - /// /// `tracingConfigFile` takes precedence over this field. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfig")] pub tracing_config: Option, /// TracingConfig specifies the path of the tracing configuration file. /// - /// /// This field takes precedence over `tracingConfig`. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfigFile")] @@ -482,7 +477,7 @@ pub struct ThanosRulerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -493,7 +488,7 @@ pub struct ThanosRulerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -603,7 +598,7 @@ pub struct ThanosRulerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -614,7 +609,7 @@ pub struct ThanosRulerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -755,7 +750,7 @@ pub struct ThanosRulerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -766,7 +761,7 @@ pub struct ThanosRulerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -876,7 +871,7 @@ pub struct ThanosRulerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -887,7 +882,7 @@ pub struct ThanosRulerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -989,9 +984,7 @@ pub struct ThanosRulerAlertRelabelConfigs { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1009,9 +1002,7 @@ pub struct ThanosRulerAlertmanagersConfig { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1235,9 +1226,7 @@ pub struct ThanosRulerContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1280,9 +1269,7 @@ pub struct ThanosRulerContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1311,9 +1298,7 @@ pub struct ThanosRulerContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1328,9 +1313,7 @@ pub struct ThanosRulerContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1615,7 +1598,6 @@ pub struct ThanosRulerContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1766,7 +1748,6 @@ pub struct ThanosRulerContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1838,11 +1819,9 @@ pub struct ThanosRulerContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1865,6 +1844,11 @@ pub struct ThanosRulerContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -1898,7 +1882,7 @@ pub struct ThanosRulerContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2021,7 +2005,6 @@ pub struct ThanosRulerContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2133,7 +2116,6 @@ pub struct ThanosRulerContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2218,10 +2200,8 @@ pub struct ThanosRulerContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2229,11 +2209,9 @@ pub struct ThanosRulerContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2316,13 +2294,11 @@ pub struct ThanosRulerGrpcServerTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2351,9 +2327,7 @@ pub struct ThanosRulerGrpcServerTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2370,9 +2344,7 @@ pub struct ThanosRulerGrpcServerTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2400,9 +2372,7 @@ pub struct ThanosRulerGrpcServerTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2419,9 +2389,7 @@ pub struct ThanosRulerGrpcServerTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2438,9 +2406,7 @@ pub struct ThanosRulerGrpcServerTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2509,9 +2475,7 @@ pub struct ThanosRulerImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2732,9 +2696,7 @@ pub struct ThanosRulerInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2777,9 +2739,7 @@ pub struct ThanosRulerInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2808,9 +2768,7 @@ pub struct ThanosRulerInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2825,9 +2783,7 @@ pub struct ThanosRulerInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3112,7 +3068,6 @@ pub struct ThanosRulerInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3263,7 +3218,6 @@ pub struct ThanosRulerInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3335,11 +3289,9 @@ pub struct ThanosRulerInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3362,6 +3314,11 @@ pub struct ThanosRulerInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -3395,7 +3352,7 @@ pub struct ThanosRulerInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3518,7 +3475,6 @@ pub struct ThanosRulerInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3630,7 +3586,6 @@ pub struct ThanosRulerInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3715,10 +3670,8 @@ pub struct ThanosRulerInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -3726,11 +3679,9 @@ pub struct ThanosRulerInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3784,9 +3735,7 @@ pub struct ThanosRulerObjectStorageConfig { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3796,7 +3745,6 @@ pub struct ThanosRulerObjectStorageConfig { /// PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. /// -/// /// The following items are reserved and cannot be overridden: /// * "app.kubernetes.io/name" label, set to "thanos-ruler". /// * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". @@ -3852,9 +3800,7 @@ pub struct ThanosRulerQueryConfig { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3869,11 +3815,9 @@ pub struct ThanosRulerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3896,6 +3840,11 @@ pub struct ThanosRulerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Namespaces to be selected for Rules discovery. If unspecified, only @@ -3972,12 +3921,10 @@ pub struct ThanosRulerSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -4027,15 +3974,24 @@ pub struct ThanosRulerSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -4103,7 +4059,6 @@ pub struct ThanosRulerSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4207,7 +4162,6 @@ pub struct ThanosRulerStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -4217,11 +4171,9 @@ pub struct ThanosRulerStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -4235,7 +4187,6 @@ pub struct ThanosRulerStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -4245,11 +4196,9 @@ pub struct ThanosRulerStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerStorageEphemeralVolumeClaimTemplate { @@ -4342,7 +4291,7 @@ pub struct ThanosRulerStorageEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -4588,7 +4537,7 @@ pub struct ThanosRulerStorageVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -4726,7 +4675,6 @@ pub struct ThanosRulerStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// ClaimResourceStatus can be in any of following states: /// - ControllerResizeInProgress: /// State set when resize controller starts resizing the volume in control-plane. @@ -4748,13 +4696,11 @@ pub struct ThanosRulerStorageVolumeClaimTemplateStatus { /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" /// When this field is not set, it means that no resize operation is in progress for the given PVC. /// - /// /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] pub allocated_resource_statuses: Option>, @@ -4766,7 +4712,6 @@ pub struct ThanosRulerStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// Capacity reported here may be larger than the actual capacity when a volume expansion operation /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. @@ -4775,13 +4720,11 @@ pub struct ThanosRulerStorageVolumeClaimTemplateStatus { /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. /// - /// /// A controller that receives PVC update with previously unknown resourceName /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -4794,12 +4737,12 @@ pub struct ThanosRulerStorageVolumeClaimTemplateStatus { pub conditions: Option>, /// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVolumeAttributesClassName")] pub current_volume_attributes_class_name: Option, /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "modifyVolumeStatus")] pub modify_volume_status: Option, /// phase represents the current phase of PersistentVolumeClaim. @@ -4809,7 +4752,7 @@ pub struct ThanosRulerStorageVolumeClaimTemplateStatus { /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. -/// This is an alpha field and requires enabling VolumeAttributesClass feature. +/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerStorageVolumeClaimTemplateStatusModifyVolumeStatus { /// status is the status of the ControllerModifyVolume operation. It can be in any of following states: @@ -4875,7 +4818,6 @@ pub struct ThanosRulerTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -4909,7 +4851,6 @@ pub struct ThanosRulerTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -4925,7 +4866,6 @@ pub struct ThanosRulerTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -4936,7 +4876,6 @@ pub struct ThanosRulerTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5009,10 +4948,8 @@ pub struct ThanosRulerTopologySpreadConstraintsLabelSelectorMatchExpressions { /// TracingConfig configures tracing in Thanos. /// -/// /// `tracingConfigFile` takes precedence over this field. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5023,9 +4960,7 @@ pub struct ThanosRulerTracingConfig { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5057,10 +4992,8 @@ pub struct ThanosRulerVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5068,11 +5001,9 @@ pub struct ThanosRulerVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5126,7 +5057,6 @@ pub struct ThanosRulerVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5137,17 +5067,14 @@ pub struct ThanosRulerVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5182,11 +5109,24 @@ pub struct ThanosRulerVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5245,7 +5185,6 @@ pub struct ThanosRulerVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5341,9 +5280,7 @@ pub struct ThanosRulerVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5381,9 +5318,7 @@ pub struct ThanosRulerVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5413,9 +5348,7 @@ pub struct ThanosRulerVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -5482,9 +5415,7 @@ pub struct ThanosRulerVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5578,7 +5509,6 @@ pub struct ThanosRulerVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5589,17 +5519,14 @@ pub struct ThanosRulerVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5612,7 +5539,6 @@ pub struct ThanosRulerVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5622,11 +5548,9 @@ pub struct ThanosRulerVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -5640,7 +5564,6 @@ pub struct ThanosRulerVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5650,11 +5573,9 @@ pub struct ThanosRulerVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerVolumesEphemeralVolumeClaimTemplate { @@ -5747,7 +5668,7 @@ pub struct ThanosRulerVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -5876,7 +5797,6 @@ pub struct ThanosRulerVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -5933,9 +5853,7 @@ pub struct ThanosRulerVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5961,7 +5879,6 @@ pub struct ThanosRulerVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6023,9 +5940,6 @@ pub struct ThanosRulerVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerVolumesHostPath { /// path of the directory on the host. @@ -6039,6 +5953,39 @@ pub struct ThanosRulerVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ThanosRulerVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -6054,7 +6001,6 @@ pub struct ThanosRulerVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6094,9 +6040,7 @@ pub struct ThanosRulerVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6174,25 +6118,24 @@ pub struct ThanosRulerVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6217,14 +6160,11 @@ pub struct ThanosRulerVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6307,9 +6247,7 @@ pub struct ThanosRulerVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6408,9 +6346,7 @@ pub struct ThanosRulerVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -6495,7 +6431,6 @@ pub struct ThanosRulerVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -6542,9 +6477,7 @@ pub struct ThanosRulerVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6597,9 +6530,7 @@ pub struct ThanosRulerVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6693,9 +6624,7 @@ pub struct ThanosRulerVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6852,9 +6781,7 @@ pub struct ThanosRulerWebTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6871,9 +6798,7 @@ pub struct ThanosRulerWebTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6901,9 +6826,7 @@ pub struct ThanosRulerWebTlsConfigClientCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6920,9 +6843,7 @@ pub struct ThanosRulerWebTlsConfigClientCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6939,9 +6860,7 @@ pub struct ThanosRulerWebTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs index 91a3c2d1b..5b0c5146b 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs @@ -126,8 +126,7 @@ pub enum AlertmanagerConfigInhibitRulesTargetMatchMatchType { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerConfigMuteTimeIntervals { /// Name of the time interval - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// TimeIntervals is a list of TimeInterval #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeIntervals")] pub time_intervals: Option>, @@ -256,9 +255,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsApiUrl { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -306,10 +303,8 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -324,9 +319,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigAuthorizationCrede /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -358,9 +351,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -378,9 +369,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -400,9 +389,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigBearerTokenSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -429,21 +416,18 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -483,9 +467,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ClientIdConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -502,9 +484,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ClientIdSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -522,9 +502,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -541,9 +519,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ProxyConnect /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -569,13 +545,11 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -604,9 +578,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCaC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -623,9 +595,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCaS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -653,9 +623,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -672,9 +640,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -691,9 +657,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -746,13 +710,11 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -781,9 +743,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCaConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -800,9 +760,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -830,9 +788,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCertConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -849,9 +805,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCertSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -868,9 +822,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -968,9 +920,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -989,9 +939,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsAuthSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1025,13 +973,11 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1060,9 +1006,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1079,9 +1023,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1109,9 +1051,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1128,9 +1068,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1147,9 +1085,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1248,10 +1184,8 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1266,9 +1200,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigAuthorizationCrede /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1300,9 +1232,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1320,9 +1250,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1342,9 +1270,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigBearerTokenSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1371,21 +1297,18 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -1425,9 +1348,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ClientIdConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1444,9 +1365,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ClientIdSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1464,9 +1383,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1483,9 +1400,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ProxyConnect /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1511,13 +1426,11 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1546,9 +1459,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCaC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1565,9 +1476,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCaS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1595,9 +1504,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1614,9 +1521,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1633,9 +1538,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1688,13 +1591,11 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1723,9 +1624,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCaConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1742,9 +1641,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1772,9 +1669,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCertConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1791,9 +1686,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCertSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1810,9 +1703,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1855,9 +1746,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsWebhookUrl { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1930,9 +1819,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsApiKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1989,10 +1876,8 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2007,9 +1892,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigAuthorizationCred /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2041,9 +1924,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2061,9 +1942,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2083,9 +1962,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigBearerTokenSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2112,21 +1989,18 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -2166,9 +2040,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ClientIdCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2185,9 +2057,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ClientIdSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2205,9 +2075,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ClientSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2224,9 +2092,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ProxyConnec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2252,13 +2118,11 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2287,9 +2151,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2306,9 +2168,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2336,9 +2196,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2355,9 +2213,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2374,9 +2230,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2429,13 +2283,11 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2464,9 +2316,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCaConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2483,9 +2333,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2513,9 +2361,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCertConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2532,9 +2378,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCertSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2551,9 +2395,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigKeySecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2715,10 +2557,8 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2733,9 +2573,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigAuthorizationCre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2767,9 +2605,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigBasicAuthPasswor /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2787,9 +2623,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigBasicAuthUsernam /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2809,9 +2643,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigBearerTokenSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2838,21 +2670,18 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -2892,9 +2721,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ClientIdCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2911,9 +2738,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ClientIdSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2931,9 +2756,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ClientSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2950,9 +2773,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ProxyConne /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2978,13 +2799,11 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfig pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3013,9 +2832,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3032,9 +2849,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3062,9 +2877,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3081,9 +2894,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3100,9 +2911,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3155,13 +2964,11 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3190,9 +2997,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCaConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3209,9 +3014,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCaSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3239,9 +3042,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCertCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3258,9 +3059,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCertSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3277,9 +3076,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigKeySecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3350,9 +3147,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsRoutingKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3373,9 +3168,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsServiceKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3492,10 +3285,8 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -3510,9 +3301,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigAuthorizationCred /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3544,9 +3333,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3564,9 +3351,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3586,9 +3371,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigBearerTokenSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3615,21 +3398,18 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -3669,9 +3449,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ClientIdCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3688,9 +3466,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ClientIdSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3708,9 +3484,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ClientSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3727,9 +3501,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ProxyConnec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3755,13 +3527,11 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3790,9 +3560,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3809,9 +3577,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3839,9 +3605,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3858,9 +3622,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3877,9 +3639,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3932,13 +3692,11 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3967,9 +3725,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCaConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3986,9 +3742,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4016,9 +3770,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCertConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4035,9 +3787,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCertSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4054,9 +3804,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigKeySecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4102,9 +3850,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsToken { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4124,9 +3870,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsUserKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4245,9 +3989,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsApiUrl { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4307,10 +4049,8 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -4325,9 +4065,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigAuthorizationCredent /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4359,9 +4097,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4379,9 +4115,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4401,9 +4135,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigBearerTokenSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4430,21 +4162,18 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -4484,9 +4213,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ClientIdConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4503,9 +4230,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ClientIdSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4523,9 +4248,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4542,9 +4265,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ProxyConnectHe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4570,13 +4291,11 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -4605,9 +4324,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCaCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4624,9 +4341,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCaSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4654,9 +4369,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCertC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4673,9 +4386,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCertS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4692,9 +4403,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigKeySe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4747,13 +4456,11 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -4782,9 +4489,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCaConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4801,9 +4506,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4831,9 +4534,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCertConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4850,9 +4551,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCertSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4869,9 +4568,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4985,10 +4682,8 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -5003,9 +4698,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigAuthorizationCredentia /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5037,9 +4730,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5057,9 +4748,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5079,9 +4768,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigBearerTokenSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5108,21 +4795,18 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5162,9 +4846,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ClientIdConfigMa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5181,9 +4863,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5201,9 +4881,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5220,9 +4898,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ProxyConnectHead /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5248,13 +4924,11 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5283,9 +4957,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCaConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5302,9 +4974,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCaSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5332,9 +5002,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCertCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5351,9 +5019,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCertSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5370,9 +5036,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigKeySecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5425,13 +5089,11 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5460,9 +5122,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5479,9 +5139,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5509,9 +5167,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCertConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5528,9 +5184,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5547,9 +5201,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5615,9 +5267,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsSigv4AccessKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5635,9 +5285,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsSigv4SecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5657,20 +5305,18 @@ pub struct AlertmanagerConfigReceiversTelegramConfigs { /// The secret needs to be in the same namespace as the AlertmanagerConfig /// object and accessible by the Prometheus Operator. /// - /// /// Either `botToken` or `botTokenFile` is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "botToken")] pub bot_token: Option, /// File to read the Telegram bot token from. It is mutually exclusive with `botToken`. /// Either `botToken` or `botTokenFile` is required. /// - /// /// It requires Alertmanager >= v0.26.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "botTokenFile")] pub bot_token_file: Option, /// The Telegram chat ID. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "chatID")] - pub chat_id: Option, + #[serde(rename = "chatID")] + pub chat_id: i64, /// Disable telegram notifications #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableNotifications")] pub disable_notifications: Option, @@ -5692,7 +5338,6 @@ pub struct AlertmanagerConfigReceiversTelegramConfigs { /// The secret needs to be in the same namespace as the AlertmanagerConfig /// object and accessible by the Prometheus Operator. /// -/// /// Either `botToken` or `botTokenFile` is required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerConfigReceiversTelegramConfigsBotToken { @@ -5702,9 +5347,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsBotToken { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5752,10 +5395,8 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -5770,9 +5411,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigAuthorizationCred /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5804,9 +5443,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5824,9 +5461,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5846,9 +5481,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigBearerTokenSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5875,21 +5508,18 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5929,9 +5559,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ClientIdCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5948,9 +5576,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ClientIdSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5968,9 +5594,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ClientSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5987,9 +5611,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ProxyConnec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6015,13 +5637,11 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6050,9 +5670,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6069,9 +5687,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6099,9 +5715,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6118,9 +5732,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6137,9 +5749,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6192,13 +5802,11 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6227,9 +5835,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCaConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6246,9 +5852,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6276,9 +5880,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCertConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6295,9 +5897,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCertSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6314,9 +5914,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigKeySecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6409,9 +6007,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsApiKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6468,10 +6064,8 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -6486,9 +6080,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigAuthorizationCre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6520,9 +6112,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigBasicAuthPasswor /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6540,9 +6130,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigBasicAuthUsernam /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6562,9 +6150,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigBearerTokenSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6591,21 +6177,18 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -6645,9 +6228,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ClientIdCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6664,9 +6245,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ClientIdSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6684,9 +6263,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ClientSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6703,9 +6280,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ProxyConne /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6731,13 +6306,11 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfig pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6766,9 +6339,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6785,9 +6356,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6815,9 +6384,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6834,9 +6401,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6853,9 +6418,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6908,13 +6471,11 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6943,9 +6504,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCaConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6962,9 +6521,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCaSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6992,9 +6549,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCertCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7011,9 +6566,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCertSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7030,9 +6583,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigKeySecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7130,10 +6681,8 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -7148,9 +6697,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigAuthorizationCredent /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7182,9 +6729,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7202,9 +6747,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7224,9 +6767,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigBearerTokenSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7253,21 +6794,18 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -7307,9 +6845,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ClientIdConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7326,9 +6862,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ClientIdSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7346,9 +6880,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7365,9 +6897,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ProxyConnectHe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7393,13 +6923,11 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7428,9 +6956,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCaCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7447,9 +6973,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCaSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7477,9 +7001,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCertC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7496,9 +7018,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCertS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7515,9 +7035,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigKeySe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7570,13 +7088,11 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7605,9 +7121,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCaConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7624,9 +7138,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7654,9 +7166,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCertConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7673,9 +7183,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCertSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7692,9 +7200,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7794,10 +7300,8 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -7812,9 +7316,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigAuthorizationCrede /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7846,9 +7348,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7866,9 +7366,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7888,9 +7386,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigBearerTokenSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7917,21 +7413,18 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -7971,9 +7464,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ClientIdConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7990,9 +7481,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ClientIdSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8010,9 +7499,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8029,9 +7516,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ProxyConnect /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8057,13 +7542,11 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8092,9 +7575,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCaC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8111,9 +7592,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCaS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8141,9 +7620,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8160,9 +7637,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8179,9 +7654,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8234,13 +7707,11 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8269,9 +7740,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCaConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8288,9 +7757,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8318,9 +7785,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCertConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8337,9 +7802,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCertSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8356,9 +7819,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8405,9 +7866,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsUrlSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8462,9 +7921,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsApiSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8512,10 +7969,8 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -8530,9 +7985,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigAuthorizationCreden /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8564,9 +8017,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8584,9 +8035,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8606,9 +8055,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigBearerTokenSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8635,21 +8082,18 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -8689,9 +8133,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ClientIdConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8708,9 +8150,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ClientIdSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8728,9 +8168,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8747,9 +8185,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ProxyConnectH /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8775,13 +8211,11 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8810,9 +8244,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCaCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8829,9 +8261,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCaSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8859,9 +8289,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCert /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8878,9 +8306,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCert /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8897,9 +8323,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigKeyS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8952,13 +8376,11 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8987,9 +8409,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCaConfigMa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9006,9 +8426,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9036,9 +8454,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCertConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9055,9 +8471,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCertSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9074,9 +8488,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs index 3fc05ac6a..c1e58a184 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs @@ -24,13 +24,11 @@ use self::prelude::*; pub struct PrometheusAgentSpec { /// AdditionalArgs allows setting additional arguments for the 'prometheus' container. /// - /// /// It is intended for e.g. activating hidden flags which are not supported by /// the dedicated configuration options yet. The arguments are passed as-is to the /// Prometheus container which may cause issues if they are invalid or not supported /// by the given Prometheus version. /// - /// /// In case of an argument conflict (e.g. an argument which is already set by the /// operator itself) or when providing an invalid argument, the reconciliation will /// fail and an error will be logged. @@ -74,7 +72,6 @@ pub struct PrometheusAgentSpec { /// AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. /// If the field isn't set, the operator mounts the service account token by default. /// - /// /// **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. /// It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "automountServiceAccountToken")] @@ -82,7 +79,6 @@ pub struct PrometheusAgentSpec { /// BodySizeLimit defines per-scrape on response body size. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodySizeLimit")] @@ -100,13 +96,11 @@ pub struct PrometheusAgentSpec { /// container if they share the same name and modifications are done via a /// strategic merge patch. /// - /// /// The names of containers managed by the operator are: /// * `prometheus` /// * `config-reloader` /// * `thanos-sidecar` /// - /// /// Overriding containers is entirely outside the scope of what the /// maintainers will support and by doing so, you accept that this behaviour /// may break at any time without notice. @@ -114,26 +108,22 @@ pub struct PrometheusAgentSpec { pub containers: Option>, /// Enable access to Prometheus feature flags. By default, no features are enabled. /// - /// /// Enabling features which are disabled by default is entirely outside the /// scope of what the maintainers will support and by doing so, you accept /// that this behaviour may break at any time without notice. /// - /// /// For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFeatures")] pub enable_features: Option>, /// Enable Prometheus to be used as a receiver for the Prometheus remote /// write protocol. /// - /// /// WARNING: This is not considered an efficient way of ingesting samples. /// Use it with caution for specific low-volume use cases. /// It is not suitable for replacing the ingestion via scraping and turning /// Prometheus into a push-based metrics collection system. /// For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver /// - /// /// It requires Prometheus >= v2.33.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRemoteWriteReceiver")] pub enable_remote_write_receiver: Option, @@ -142,10 +132,8 @@ pub struct PrometheusAgentSpec { /// Targets responding with a body larger than this many bytes will cause /// the scrape to fail. /// - /// /// It requires Prometheus >= v2.28.0. /// - /// /// When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -159,10 +147,8 @@ pub struct PrometheusAgentSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is /// greater than zero and less than `spec.enforcedKeepDroppedTargets`. /// - /// /// It requires Prometheus >= v2.47.0. /// - /// /// When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -175,10 +161,8 @@ pub struct PrometheusAgentSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is /// greater than zero and less than `spec.enforcedLabelLimit`. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -191,10 +175,8 @@ pub struct PrometheusAgentSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is /// greater than zero and less than `spec.enforcedLabelNameLengthLimit`. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -207,10 +189,8 @@ pub struct PrometheusAgentSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is /// greater than zero and less than `spec.enforcedLabelValueLengthLimit`. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -220,16 +200,13 @@ pub struct PrometheusAgentSpec { pub enforced_label_value_length_limit: Option, /// When not empty, a label will be added to: /// - /// /// 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. /// 2. All metrics generated from recording rules defined in `PrometheusRule` objects. /// 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. /// 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. /// - /// /// The label will not added for objects referenced in `spec.excludedFromEnforcement`. /// - /// /// The label's name is this field's value. /// The label's value is the namespace of the `ServiceMonitor`, /// `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -241,11 +218,9 @@ pub struct PrometheusAgentSpec { /// unless `spec.sampleLimit` is greater than zero and less than /// `spec.enforcedSampleLimit`. /// - /// /// It is meant to be used by admins to keep the overall number of /// samples/series under a desired limit. /// - /// /// When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -258,11 +233,9 @@ pub struct PrometheusAgentSpec { /// ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is /// greater than zero and less than `spec.enforcedTargetLimit`. /// - /// /// It is meant to be used by admins to to keep the overall number of /// targets under a desired limit. /// - /// /// When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: /// * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). /// If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -273,7 +246,6 @@ pub struct PrometheusAgentSpec { /// List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects /// to be excluded from enforcing a namespace label of origin. /// - /// /// It is only applicable if `spec.enforcedNamespaceLabel` set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "excludedFromEnforcement")] pub excluded_from_enforcement: Option>, @@ -294,11 +266,9 @@ pub struct PrometheusAgentSpec { pub host_aliases: Option>, /// Use the host's network namespace if true. /// - /// /// Make sure to understand the security implications if you want to enable /// it (https://kubernetes.io/docs/concepts/configuration/overview/). /// - /// /// When hostNetwork is enabled, this will set the DNS policy to /// `ClusterFirstWithHostNet` automatically. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetwork")] @@ -312,11 +282,9 @@ pub struct PrometheusAgentSpec { /// Container image name for Prometheus. If specified, it takes precedence /// over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. /// - /// /// Specifying `spec.version` is still necessary to ensure the Prometheus /// Operator knows which version of Prometheus is being configured. /// - /// /// If neither `spec.image` nor `spec.baseImage` are defined, the operator /// will use the latest upstream version of Prometheus available at the time /// when the operator was released. @@ -340,11 +308,9 @@ pub struct PrometheusAgentSpec { /// containers if they share the same name and modifications are done via a /// strategic merge patch. /// - /// /// The names of init container name managed by the operator are: /// * `init-config-reloader`. /// - /// /// Overriding init containers is entirely outside the scope of what the /// maintainers will support and by doing so, you accept that this behaviour /// may break at any time without notice. @@ -353,10 +319,8 @@ pub struct PrometheusAgentSpec { /// Per-scrape limit on the number of targets dropped by relabeling /// that will be kept in memory. 0 means no limit. /// - /// /// It requires Prometheus >= v2.47.0. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] @@ -364,7 +328,6 @@ pub struct PrometheusAgentSpec { /// Per-scrape limit on number of labels that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelLimit")] @@ -372,7 +335,6 @@ pub struct PrometheusAgentSpec { /// Per-scrape limit on length of labels name that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelNameLengthLimit")] @@ -380,7 +342,6 @@ pub struct PrometheusAgentSpec { /// Per-scrape limit on length of labels value that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelValueLengthLimit")] @@ -403,7 +364,6 @@ pub struct PrometheusAgentSpec { /// without any of its container crashing for it to be considered available. /// Defaults to 0 (pod will be considered available as soon as it is ready) /// - /// /// This is an alpha field from kubernetes 1.22 until 1.24 which requires /// enabling the StatefulSetMinReadySeconds feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReadySeconds")] @@ -411,7 +371,6 @@ pub struct PrometheusAgentSpec { /// Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). /// For now this field has no effect. /// - /// /// (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, @@ -446,7 +405,6 @@ pub struct PrometheusAgentSpec { pub persistent_volume_claim_retention_policy: Option, /// PodMetadata configures labels and annotations which are propagated to the Prometheus pods. /// - /// /// The following items are reserved and cannot be overridden: /// * "prometheus" label, set to the name of the Prometheus object. /// * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -466,7 +424,6 @@ pub struct PrometheusAgentSpec { /// PodMonitors to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -496,7 +453,6 @@ pub struct PrometheusAgentSpec { /// Probes to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -511,7 +467,6 @@ pub struct PrometheusAgentSpec { /// name. The external label will _not_ be added when the field is set to /// the empty string (`""`). /// - /// /// Default: "prometheus" #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusExternalLabelName")] pub prometheus_external_label_name: Option, @@ -526,7 +481,6 @@ pub struct PrometheusAgentSpec { /// The external label will _not_ be added when the field is set to the /// empty string (`""`). /// - /// /// Default: "prometheus_replica" #[serde(default, skip_serializing_if = "Option::is_none", rename = "replicaExternalLabelName")] pub replica_external_label_name: Option, @@ -534,7 +488,6 @@ pub struct PrometheusAgentSpec { /// `spec.replicas` multiplied by `spec.shards` is the total number of Pods /// created. /// - /// /// Default: 1 #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, @@ -543,7 +496,6 @@ pub struct PrometheusAgentSpec { pub resources: Option, /// The route prefix Prometheus registers HTTP handlers for. /// - /// /// This is useful when using `spec.externalURL`, and a proxy is rewriting /// HTTP routes of a request, and the actual ExternalURL is still true, but /// the server serves requests under a different route prefix. For example @@ -553,7 +505,6 @@ pub struct PrometheusAgentSpec { /// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sampleLimit")] @@ -561,7 +512,6 @@ pub struct PrometheusAgentSpec { /// List of scrape classes to expose to scraping objects such as /// PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClasses")] @@ -570,14 +520,12 @@ pub struct PrometheusAgentSpec { /// matches all namespaces. A null label selector matches the current /// namespace only. /// - /// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigNamespaceSelector")] pub scrape_config_namespace_selector: Option, /// ScrapeConfigs to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -587,23 +535,19 @@ pub struct PrometheusAgentSpec { /// of the custom resource definition. It is recommended to use /// `spec.additionalScrapeConfigs` instead. /// - /// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigSelector")] pub scrape_config_selector: Option, /// Interval between consecutive scrapes. /// - /// /// Default: "30s" #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeInterval")] pub scrape_interval: Option, /// The protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// - /// /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.49.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, @@ -627,7 +571,6 @@ pub struct PrometheusAgentSpec { /// Defines the service discovery role used to discover targets from /// `ServiceMonitor` objects and Alertmanager endpoints. /// - /// /// If set, the value should be either "Endpoints" or "EndpointSlice". /// If unset, the operator assumes the "Endpoints" role. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceDiscoveryRole")] @@ -640,7 +583,6 @@ pub struct PrometheusAgentSpec { /// ServiceMonitors to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// - /// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -654,18 +596,15 @@ pub struct PrometheusAgentSpec { /// Number of shards to distribute targets onto. `spec.replicas` /// multiplied by `spec.shards` is the total number of Pods created. /// - /// /// Note that scaling down shards will not reshard data onto remaining /// instances, it must be manually moved. Increasing shards will not reshard /// data either but it will continue to be available from the same /// instances. To query globally, use Thanos sidecar and Thanos querier or /// remote write data to a central location. /// - /// /// Sharding is performed on the content of the `__address__` target meta-label /// for PodMonitors and ServiceMonitors and `__param_target__` for Probes. /// - /// /// Default: 1 #[serde(default, skip_serializing_if = "Option::is_none")] pub shards: Option, @@ -675,7 +614,6 @@ pub struct PrometheusAgentSpec { /// TargetLimit defines a limit on the number of scraped targets that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. /// - /// /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLimit")] @@ -688,15 +626,17 @@ pub struct PrometheusAgentSpec { pub topology_spread_constraints: Option>, /// TracingConfig configures tracing in Prometheus. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfig")] pub tracing_config: Option, + /// Defines the runtime reloadable configuration of the timeseries database(TSDB). + /// It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tsdb: Option, /// Version of Prometheus being deployed. The operator uses this information /// to generate the Prometheus StatefulSet + configuration files. /// - /// /// If not specified, the operator assumes the latest upstream version of /// Prometheus available at the time when the version of the operator was /// released. @@ -704,7 +644,6 @@ pub struct PrometheusAgentSpec { pub version: Option, /// VolumeMounts allows the configuration of additional VolumeMounts. /// - /// /// VolumeMounts will be appended to other VolumeMounts in the 'prometheus' /// container, that are generated as a result of StorageSpec objects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] @@ -716,10 +655,8 @@ pub struct PrometheusAgentSpec { pub volumes: Option>, /// Configures compression of the write-ahead log (WAL) using Snappy. /// - /// /// WAL compression is enabled by default for Prometheus >= 2.20.0 /// - /// /// Requires Prometheus v2.11.0 and above. #[serde(default, skip_serializing_if = "Option::is_none", rename = "walCompression")] pub wal_compression: Option, @@ -757,9 +694,7 @@ pub struct PrometheusAgentAdditionalScrapeConfigs { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,7 +908,7 @@ pub struct PrometheusAgentAffinityPodAffinityPreferredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -984,7 +919,7 @@ pub struct PrometheusAgentAffinityPodAffinityPreferredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1094,7 +1029,7 @@ pub struct PrometheusAgentAffinityPodAffinityRequiredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1105,7 +1040,7 @@ pub struct PrometheusAgentAffinityPodAffinityRequiredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1246,7 +1181,7 @@ pub struct PrometheusAgentAffinityPodAntiAffinityPreferredDuringSchedulingIgnore /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1257,7 +1192,7 @@ pub struct PrometheusAgentAffinityPodAntiAffinityPreferredDuringSchedulingIgnore /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1367,7 +1302,7 @@ pub struct PrometheusAgentAffinityPodAntiAffinityRequiredDuringSchedulingIgnored /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1378,7 +1313,7 @@ pub struct PrometheusAgentAffinityPodAntiAffinityRequiredDuringSchedulingIgnored /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1477,14 +1412,12 @@ pub struct PrometheusAgentAffinityPodAntiAffinityRequiredDuringSchedulingIgnored pub struct PrometheusAgentApiserverConfig { /// Authorization section for the API server. /// - /// /// Cannot be set at the same time as `basicAuth`, `bearerToken`, or /// `bearerTokenFile`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// BasicAuth configuration for the API server. /// - /// /// Cannot be set at the same time as `authorization`, `bearerToken`, or /// `bearerTokenFile`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] @@ -1492,16 +1425,13 @@ pub struct PrometheusAgentApiserverConfig { /// *Warning: this field shouldn't be used because the token value appears /// in clear-text. Prefer using `authorization`.* /// - /// /// Deprecated: this will be removed in a future release. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, /// File to read bearer token for accessing apiserver. /// - /// /// Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. /// - /// /// Deprecated: this will be removed in a future release. Prefer using `authorization`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, @@ -1515,7 +1445,6 @@ pub struct PrometheusAgentApiserverConfig { /// Authorization section for the API server. /// -/// /// Cannot be set at the same time as `basicAuth`, `bearerToken`, or /// `bearerTokenFile`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1528,10 +1457,8 @@ pub struct PrometheusAgentApiserverConfigAuthorization { pub credentials_file: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1546,9 +1473,7 @@ pub struct PrometheusAgentApiserverConfigAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1558,7 +1483,6 @@ pub struct PrometheusAgentApiserverConfigAuthorizationCredentials { /// BasicAuth configuration for the API server. /// -/// /// Cannot be set at the same time as `authorization`, `bearerToken`, or /// `bearerTokenFile`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1583,9 +1507,7 @@ pub struct PrometheusAgentApiserverConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1603,9 +1525,7 @@ pub struct PrometheusAgentApiserverConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1639,13 +1559,11 @@ pub struct PrometheusAgentApiserverConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1674,9 +1592,7 @@ pub struct PrometheusAgentApiserverConfigTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1693,9 +1609,7 @@ pub struct PrometheusAgentApiserverConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1723,9 +1637,7 @@ pub struct PrometheusAgentApiserverConfigTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1742,9 +1654,7 @@ pub struct PrometheusAgentApiserverConfigTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1761,9 +1671,7 @@ pub struct PrometheusAgentApiserverConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2029,9 +1937,7 @@ pub struct PrometheusAgentContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2074,9 +1980,7 @@ pub struct PrometheusAgentContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2105,9 +2009,7 @@ pub struct PrometheusAgentContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2122,9 +2024,7 @@ pub struct PrometheusAgentContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2409,7 +2309,6 @@ pub struct PrometheusAgentContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2560,7 +2459,6 @@ pub struct PrometheusAgentContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2632,11 +2530,9 @@ pub struct PrometheusAgentContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2659,6 +2555,11 @@ pub struct PrometheusAgentContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2692,7 +2593,7 @@ pub struct PrometheusAgentContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2815,7 +2716,6 @@ pub struct PrometheusAgentContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2927,7 +2827,6 @@ pub struct PrometheusAgentContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3012,10 +2911,8 @@ pub struct PrometheusAgentContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -3023,11 +2920,9 @@ pub struct PrometheusAgentContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3110,9 +3005,7 @@ pub struct PrometheusAgentImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3333,9 +3226,7 @@ pub struct PrometheusAgentInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3378,9 +3269,7 @@ pub struct PrometheusAgentInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3409,9 +3298,7 @@ pub struct PrometheusAgentInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3426,9 +3313,7 @@ pub struct PrometheusAgentInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3713,7 +3598,6 @@ pub struct PrometheusAgentInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3864,7 +3748,6 @@ pub struct PrometheusAgentInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3936,11 +3819,9 @@ pub struct PrometheusAgentInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3963,6 +3844,11 @@ pub struct PrometheusAgentInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -3996,7 +3882,7 @@ pub struct PrometheusAgentInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4119,7 +4005,6 @@ pub struct PrometheusAgentInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4231,7 +4116,6 @@ pub struct PrometheusAgentInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4316,10 +4200,8 @@ pub struct PrometheusAgentInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -4327,11 +4209,9 @@ pub struct PrometheusAgentInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4415,7 +4295,6 @@ pub struct PrometheusAgentPersistentVolumeClaimRetentionPolicy { /// PodMetadata configures labels and annotations which are propagated to the Prometheus pods. /// -/// /// The following items are reserved and cannot be overridden: /// * "prometheus" label, set to the name of the Prometheus object. /// * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -4484,7 +4363,6 @@ pub struct PrometheusAgentPodMonitorNamespaceSelectorMatchExpressions { /// PodMonitors to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -4557,7 +4435,6 @@ pub struct PrometheusAgentProbeNamespaceSelectorMatchExpressions { /// Probes to be selected for target discovery. An empty label selector /// matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -4610,38 +4487,31 @@ pub enum PrometheusAgentReloadStrategy { pub struct PrometheusAgentRemoteWrite { /// Authorization section for the URL. /// - /// /// It requires Prometheus >= v2.26.0. /// - /// /// Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// AzureAD for the URL. /// - /// /// It requires Prometheus >= v2.45.0. /// - /// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureAd")] pub azure_ad: Option, /// BasicAuth configuration for the URL. /// - /// /// Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, /// *Warning: this field shouldn't be used because the token value appears /// in clear-text. Prefer using `authorization`.* /// - /// /// Deprecated: this will be removed in a future release. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, /// File from which to read bearer token for the URL. /// - /// /// Deprecated: this will be removed in a future release. Prefer using `authorization`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, @@ -4650,14 +4520,12 @@ pub struct PrometheusAgentRemoteWrite { pub enable_http2: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. /// - /// /// It requires Prometheus >= v2.26.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, /// Custom HTTP headers to be sent along with each remote write request. /// Be aware that headers that are set by Prometheus itself can't be overwritten. /// - /// /// It requires Prometheus >= v2.25.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, @@ -4667,7 +4535,6 @@ pub struct PrometheusAgentRemoteWrite { /// The name of the remote write queue, it must be unique if specified. The /// name is used in metrics and logging in order to differentiate queues. /// - /// /// It requires Prometheus >= v2.15.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -4675,30 +4542,25 @@ pub struct PrometheusAgentRemoteWrite { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// OAuth2 configuration for the URL. /// - /// /// It requires Prometheus >= v2.27.0. /// - /// /// Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -4715,23 +4577,19 @@ pub struct PrometheusAgentRemoteWrite { /// exemplar-storage itself must be enabled using the `spec.enableFeature` /// option for exemplars to be scraped in the first place. /// - /// /// It requires Prometheus >= v2.27.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendExemplars")] pub send_exemplars: Option, /// Enables sending of native histograms, also known as sparse histograms /// over remote write. /// - /// /// It requires Prometheus >= v2.40.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendNativeHistograms")] pub send_native_histograms: Option, /// Sigv4 allows to configures AWS's Signature Verification 4 for the URL. /// - /// /// It requires Prometheus >= v2.26.0. /// - /// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub sigv4: Option, @@ -4747,10 +4605,8 @@ pub struct PrometheusAgentRemoteWrite { /// Authorization section for the URL. /// -/// /// It requires Prometheus >= v2.26.0. /// -/// /// Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteAuthorization { @@ -4762,10 +4618,8 @@ pub struct PrometheusAgentRemoteWriteAuthorization { pub credentials_file: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -4780,9 +4634,7 @@ pub struct PrometheusAgentRemoteWriteAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4792,10 +4644,8 @@ pub struct PrometheusAgentRemoteWriteAuthorizationCredentials { /// AzureAD for the URL. /// -/// /// It requires Prometheus >= v2.45.0. /// -/// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteAzureAd { @@ -4809,7 +4659,6 @@ pub struct PrometheusAgentRemoteWriteAzureAd { /// OAuth defines the oauth config that is being used to authenticate. /// Cannot be set at the same time as `managedIdentity` or `sdk`. /// - /// /// It requires Prometheus >= v2.48.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth: Option, @@ -4817,7 +4666,6 @@ pub struct PrometheusAgentRemoteWriteAzureAd { /// See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication /// Cannot be set at the same time as `oauth` or `managedIdentity`. /// - /// /// It requires Prometheus >= 2.52.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub sdk: Option, @@ -4825,10 +4673,8 @@ pub struct PrometheusAgentRemoteWriteAzureAd { /// AzureAD for the URL. /// -/// /// It requires Prometheus >= v2.45.0. /// -/// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAgentRemoteWriteAzureAdCloud { @@ -4849,7 +4695,6 @@ pub struct PrometheusAgentRemoteWriteAzureAdManagedIdentity { /// OAuth defines the oauth config that is being used to authenticate. /// Cannot be set at the same time as `managedIdentity` or `sdk`. /// -/// /// It requires Prometheus >= v2.48.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteAzureAdOauth { @@ -4873,9 +4718,7 @@ pub struct PrometheusAgentRemoteWriteAzureAdOauthClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4887,7 +4730,6 @@ pub struct PrometheusAgentRemoteWriteAzureAdOauthClientSecret { /// See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication /// Cannot be set at the same time as `oauth` or `managedIdentity`. /// -/// /// It requires Prometheus >= 2.52.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteAzureAdSdk { @@ -4898,7 +4740,6 @@ pub struct PrometheusAgentRemoteWriteAzureAdSdk { /// BasicAuth configuration for the URL. /// -/// /// Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteBasicAuth { @@ -4922,9 +4763,7 @@ pub struct PrometheusAgentRemoteWriteBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4942,9 +4781,7 @@ pub struct PrometheusAgentRemoteWriteBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4965,10 +4802,8 @@ pub struct PrometheusAgentRemoteWriteMetadataConfig { /// OAuth2 configuration for the URL. /// -/// /// It requires Prometheus >= v2.27.0. /// -/// /// Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteOauth2 { @@ -4988,21 +4823,18 @@ pub struct PrometheusAgentRemoteWriteOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5042,9 +4874,7 @@ pub struct PrometheusAgentRemoteWriteOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5061,9 +4891,7 @@ pub struct PrometheusAgentRemoteWriteOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5081,9 +4909,7 @@ pub struct PrometheusAgentRemoteWriteOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5100,9 +4926,7 @@ pub struct PrometheusAgentRemoteWriteOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5128,13 +4952,11 @@ pub struct PrometheusAgentRemoteWriteOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5163,9 +4985,7 @@ pub struct PrometheusAgentRemoteWriteOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5182,9 +5002,7 @@ pub struct PrometheusAgentRemoteWriteOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5212,9 +5030,7 @@ pub struct PrometheusAgentRemoteWriteOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5231,9 +5047,7 @@ pub struct PrometheusAgentRemoteWriteOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5250,9 +5064,7 @@ pub struct PrometheusAgentRemoteWriteOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5297,9 +5109,7 @@ pub struct PrometheusAgentRemoteWriteProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5337,7 +5147,6 @@ pub struct PrometheusAgentRemoteWriteQueueConfig { pub min_shards: Option, /// Retry upon receiving a 429 status code from the remote-write storage. /// - /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryOnRateLimit")] @@ -5350,10 +5159,8 @@ pub struct PrometheusAgentRemoteWriteQueueConfig { /// Sigv4 allows to configures AWS's Signature Verification 4 for the URL. /// -/// /// It requires Prometheus >= v2.26.0. /// -/// /// Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteSigv4 { @@ -5386,9 +5193,7 @@ pub struct PrometheusAgentRemoteWriteSigv4AccessKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5406,9 +5211,7 @@ pub struct PrometheusAgentRemoteWriteSigv4SecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5442,13 +5245,11 @@ pub struct PrometheusAgentRemoteWriteTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5477,9 +5278,7 @@ pub struct PrometheusAgentRemoteWriteTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5496,9 +5295,7 @@ pub struct PrometheusAgentRemoteWriteTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5526,9 +5323,7 @@ pub struct PrometheusAgentRemoteWriteTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5545,9 +5340,7 @@ pub struct PrometheusAgentRemoteWriteTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5564,9 +5357,7 @@ pub struct PrometheusAgentRemoteWriteTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5603,23 +5394,19 @@ pub enum PrometheusAgentRemoteWriteTlsConfigMinVersion { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteWriteRelabelConfigs { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -5629,7 +5416,6 @@ pub struct PrometheusAgentRemoteWriteWriteRelabelConfigs { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -5643,11 +5429,9 @@ pub struct PrometheusAgentRemoteWriteWriteRelabelConfigs { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -5656,7 +5440,6 @@ pub struct PrometheusAgentRemoteWriteWriteRelabelConfigs { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAgentRemoteWriteWriteRelabelConfigsAction { @@ -5706,11 +5489,9 @@ pub struct PrometheusAgentResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5733,6 +5514,11 @@ pub struct PrometheusAgentResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5745,18 +5531,15 @@ pub struct PrometheusAgentScrapeClasses { /// Default indicates that the scrape applies to all scrape objects that /// don't configure an explicit scrape class name. /// - /// /// Only one scrape class can be set as the default. #[serde(default, skip_serializing_if = "Option::is_none")] pub default: Option, /// MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. /// - /// /// The Operator adds the scrape class metric relabelings defined here. /// Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. /// Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. /// - /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricRelabelings")] pub metric_relabelings: Option>, @@ -5764,13 +5547,11 @@ pub struct PrometheusAgentScrapeClasses { pub name: String, /// Relabelings configures the relabeling rules to apply to all scrape targets. /// - /// /// The Operator automatically adds relabelings for a few standard Kubernetes fields /// like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. /// Then the Operator adds the scrape class relabelings defined here. /// Then the Operator adds the target-specific relabelings defined in the scrape object. /// - /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[serde(default, skip_serializing_if = "Option::is_none")] pub relabelings: Option>, @@ -5778,7 +5559,6 @@ pub struct PrometheusAgentScrapeClasses { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// - /// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -5792,7 +5572,6 @@ pub struct PrometheusAgentScrapeClassesAttachMetadata { /// When set to true, Prometheus attaches node metadata to the discovered /// targets. /// - /// /// The Prometheus service account must have the `list` and `watch` /// permissions on the `Nodes` objects. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5802,23 +5581,19 @@ pub struct PrometheusAgentScrapeClassesAttachMetadata { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentScrapeClassesMetricRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -5828,7 +5603,6 @@ pub struct PrometheusAgentScrapeClassesMetricRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -5842,11 +5616,9 @@ pub struct PrometheusAgentScrapeClassesMetricRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -5855,7 +5627,6 @@ pub struct PrometheusAgentScrapeClassesMetricRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAgentScrapeClassesMetricRelabelingsAction { @@ -5902,23 +5673,19 @@ pub enum PrometheusAgentScrapeClassesMetricRelabelingsAction { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentScrapeClassesRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -5928,7 +5695,6 @@ pub struct PrometheusAgentScrapeClassesRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -5942,11 +5708,9 @@ pub struct PrometheusAgentScrapeClassesRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -5955,7 +5719,6 @@ pub struct PrometheusAgentScrapeClassesRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAgentScrapeClassesRelabelingsAction { @@ -6003,7 +5766,6 @@ pub enum PrometheusAgentScrapeClassesRelabelingsAction { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// -/// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentScrapeClassesTlsConfig { @@ -6030,13 +5792,11 @@ pub struct PrometheusAgentScrapeClassesTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6065,9 +5825,7 @@ pub struct PrometheusAgentScrapeClassesTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6084,9 +5842,7 @@ pub struct PrometheusAgentScrapeClassesTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6114,9 +5870,7 @@ pub struct PrometheusAgentScrapeClassesTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6133,9 +5887,7 @@ pub struct PrometheusAgentScrapeClassesTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6152,9 +5904,7 @@ pub struct PrometheusAgentScrapeClassesTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6166,7 +5916,6 @@ pub struct PrometheusAgentScrapeClassesTlsConfigKeySecret { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// -/// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAgentScrapeClassesTlsConfigMaxVersion { @@ -6184,7 +5933,6 @@ pub enum PrometheusAgentScrapeClassesTlsConfigMaxVersion { /// scrape objects define their own CA, certificate and/or key, they take /// precedence over the corresponding scrape class fields. /// -/// /// For now only the `caFile`, `certFile` and `keyFile` fields are supported. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PrometheusAgentScrapeClassesTlsConfigMinVersion { @@ -6202,7 +5950,6 @@ pub enum PrometheusAgentScrapeClassesTlsConfigMinVersion { /// matches all namespaces. A null label selector matches the current /// namespace only. /// -/// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentScrapeConfigNamespaceSelector { @@ -6236,7 +5983,6 @@ pub struct PrometheusAgentScrapeConfigNamespaceSelectorMatchExpressions { /// ScrapeConfigs to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -6246,7 +5992,6 @@ pub struct PrometheusAgentScrapeConfigNamespaceSelectorMatchExpressions { /// of the custom resource definition. It is recommended to use /// `spec.additionalScrapeConfigs` instead. /// -/// /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentScrapeConfigSelector { @@ -6289,12 +6034,10 @@ pub struct PrometheusAgentSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -6344,15 +6087,24 @@ pub struct PrometheusAgentSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -6420,7 +6172,6 @@ pub struct PrometheusAgentSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -6508,7 +6259,6 @@ pub struct PrometheusAgentServiceMonitorNamespaceSelectorMatchExpressions { /// ServiceMonitors to be selected for target discovery. An empty label /// selector matches all objects. A null label selector matches no objects. /// -/// /// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` /// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. /// The Prometheus operator will ensure that the Prometheus configuration's @@ -6605,7 +6355,6 @@ pub struct PrometheusAgentStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6615,11 +6364,9 @@ pub struct PrometheusAgentStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -6633,7 +6380,6 @@ pub struct PrometheusAgentStorageEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6643,11 +6389,9 @@ pub struct PrometheusAgentStorageEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentStorageEphemeralVolumeClaimTemplate { @@ -6740,7 +6484,7 @@ pub struct PrometheusAgentStorageEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -6986,7 +6730,7 @@ pub struct PrometheusAgentStorageVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -7124,7 +6868,6 @@ pub struct PrometheusAgentStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// ClaimResourceStatus can be in any of following states: /// - ControllerResizeInProgress: /// State set when resize controller starts resizing the volume in control-plane. @@ -7146,13 +6889,11 @@ pub struct PrometheusAgentStorageVolumeClaimTemplateStatus { /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" /// When this field is not set, it means that no resize operation is in progress for the given PVC. /// - /// /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] pub allocated_resource_statuses: Option>, @@ -7164,7 +6905,6 @@ pub struct PrometheusAgentStorageVolumeClaimTemplateStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// Capacity reported here may be larger than the actual capacity when a volume expansion operation /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. @@ -7173,13 +6913,11 @@ pub struct PrometheusAgentStorageVolumeClaimTemplateStatus { /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. /// - /// /// A controller that receives PVC update with previously unknown resourceName /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -7192,12 +6930,12 @@ pub struct PrometheusAgentStorageVolumeClaimTemplateStatus { pub conditions: Option>, /// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVolumeAttributesClassName")] pub current_volume_attributes_class_name: Option, /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "modifyVolumeStatus")] pub modify_volume_status: Option, /// phase represents the current phase of PersistentVolumeClaim. @@ -7207,7 +6945,7 @@ pub struct PrometheusAgentStorageVolumeClaimTemplateStatus { /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. -/// This is an alpha field and requires enabling VolumeAttributesClass feature. +/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentStorageVolumeClaimTemplateStatusModifyVolumeStatus { /// status is the status of the ControllerModifyVolume operation. It can be in any of following states: @@ -7275,7 +7013,6 @@ pub struct PrometheusAgentTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -7309,7 +7046,6 @@ pub struct PrometheusAgentTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -7325,7 +7061,6 @@ pub struct PrometheusAgentTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -7336,7 +7071,6 @@ pub struct PrometheusAgentTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -7415,7 +7149,6 @@ pub struct PrometheusAgentTopologySpreadConstraintsLabelSelectorMatchExpressions /// TracingConfig configures tracing in Prometheus. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -7447,7 +7180,6 @@ pub struct PrometheusAgentTracingConfig { /// TracingConfig configures tracing in Prometheus. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] @@ -7460,7 +7192,6 @@ pub enum PrometheusAgentTracingConfigClientType { /// TracingConfig configures tracing in Prometheus. /// -/// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] @@ -7495,13 +7226,11 @@ pub struct PrometheusAgentTracingConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7530,9 +7259,7 @@ pub struct PrometheusAgentTracingConfigTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7549,9 +7276,7 @@ pub struct PrometheusAgentTracingConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7579,9 +7304,7 @@ pub struct PrometheusAgentTracingConfigTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7598,9 +7321,7 @@ pub struct PrometheusAgentTracingConfigTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7617,9 +7338,7 @@ pub struct PrometheusAgentTracingConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7653,6 +7372,24 @@ pub enum PrometheusAgentTracingConfigTlsConfigMinVersion { Tls13, } +/// Defines the runtime reloadable configuration of the timeseries database(TSDB). +/// It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusAgentTsdb { + /// Configures how old an out-of-order/out-of-bounds sample can be with + /// respect to the TSDB max time. + /// + /// An out-of-order/out-of-bounds sample is ingested into the TSDB as long as + /// the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). + /// + /// This is an *experimental feature*, it may change in any upcoming release + /// in a breaking way. + /// + /// It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "outOfOrderTimeWindow")] + pub out_of_order_time_window: Option, +} + /// VolumeMount describes a mounting of a Volume within a container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentVolumeMounts { @@ -7677,10 +7414,8 @@ pub struct PrometheusAgentVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -7688,11 +7423,9 @@ pub struct PrometheusAgentVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -7746,7 +7479,6 @@ pub struct PrometheusAgentVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -7757,17 +7489,14 @@ pub struct PrometheusAgentVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -7802,11 +7531,24 @@ pub struct PrometheusAgentVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -7865,7 +7607,6 @@ pub struct PrometheusAgentVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -7961,9 +7702,7 @@ pub struct PrometheusAgentVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -8001,9 +7740,7 @@ pub struct PrometheusAgentVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -8033,9 +7770,7 @@ pub struct PrometheusAgentVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -8102,9 +7837,7 @@ pub struct PrometheusAgentVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -8198,7 +7931,6 @@ pub struct PrometheusAgentVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -8209,17 +7941,14 @@ pub struct PrometheusAgentVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -8232,7 +7961,6 @@ pub struct PrometheusAgentVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -8242,11 +7970,9 @@ pub struct PrometheusAgentVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -8260,7 +7986,6 @@ pub struct PrometheusAgentVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -8270,11 +7995,9 @@ pub struct PrometheusAgentVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentVolumesEphemeralVolumeClaimTemplate { @@ -8367,7 +8090,7 @@ pub struct PrometheusAgentVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -8496,7 +8219,6 @@ pub struct PrometheusAgentVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -8553,9 +8275,7 @@ pub struct PrometheusAgentVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -8581,7 +8301,6 @@ pub struct PrometheusAgentVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -8643,9 +8362,6 @@ pub struct PrometheusAgentVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentVolumesHostPath { /// path of the directory on the host. @@ -8659,6 +8375,39 @@ pub struct PrometheusAgentVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusAgentVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -8674,7 +8423,6 @@ pub struct PrometheusAgentVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -8714,9 +8462,7 @@ pub struct PrometheusAgentVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -8794,25 +8540,24 @@ pub struct PrometheusAgentVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -8837,14 +8582,11 @@ pub struct PrometheusAgentVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -8927,9 +8669,7 @@ pub struct PrometheusAgentVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -9028,9 +8768,7 @@ pub struct PrometheusAgentVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -9115,7 +8853,6 @@ pub struct PrometheusAgentVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -9162,9 +8899,7 @@ pub struct PrometheusAgentVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -9217,9 +8952,7 @@ pub struct PrometheusAgentVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -9313,9 +9046,7 @@ pub struct PrometheusAgentVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -9479,9 +9210,7 @@ pub struct PrometheusAgentWebTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9498,9 +9227,7 @@ pub struct PrometheusAgentWebTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9528,9 +9255,7 @@ pub struct PrometheusAgentWebTlsConfigClientCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9547,9 +9272,7 @@ pub struct PrometheusAgentWebTlsConfigClientCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9566,9 +9289,7 @@ pub struct PrometheusAgentWebTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs index 7b7b5e14a..26186aba3 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs @@ -50,10 +50,8 @@ pub struct ScrapeConfigSpec { pub ec2_sd_configs: Option>, /// When false, Prometheus will request uncompressed response from the scraped target. /// - /// /// It requires Prometheus >= v2.49.0. /// - /// /// If unset, Prometheus uses true by default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCompression")] pub enable_compression: Option, @@ -80,7 +78,6 @@ pub struct ScrapeConfigSpec { pub http_sd_configs: Option>, /// The value of the `job` label assigned to the scraped metrics by default. /// - /// /// The `job_name` field in the rendered scrape configuration is always controlled by the /// operator to prevent duplicate job names, which Prometheus does not allow. Instead the /// `job` label is set by means of relabeling configs. @@ -89,7 +86,6 @@ pub struct ScrapeConfigSpec { /// Per-scrape limit on the number of targets dropped by relabeling /// that will be kept in memory. 0 means no limit. /// - /// /// It requires Prometheus >= v2.47.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] pub keep_dropped_targets: Option, @@ -127,7 +123,6 @@ pub struct ScrapeConfigSpec { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -146,14 +141,12 @@ pub struct ScrapeConfigSpec { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -188,10 +181,8 @@ pub struct ScrapeConfigSpec { /// The protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// - /// /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.49.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, @@ -241,7 +232,6 @@ pub struct ScrapeConfigNomadSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -252,14 +242,12 @@ pub struct ScrapeConfigNomadSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -289,10 +277,8 @@ pub struct ScrapeConfigNomadSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -307,9 +293,7 @@ pub struct ScrapeConfigNomadSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -340,9 +324,7 @@ pub struct ScrapeConfigNomadSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -360,9 +342,7 @@ pub struct ScrapeConfigNomadSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -390,21 +370,18 @@ pub struct ScrapeConfigNomadSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -444,9 +421,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -463,9 +438,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -483,9 +456,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -502,9 +473,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -530,13 +499,11 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -565,9 +532,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -584,9 +549,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -614,9 +577,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -633,9 +594,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -652,9 +611,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -699,9 +656,7 @@ pub struct ScrapeConfigNomadSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -726,13 +681,11 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -761,9 +714,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -780,9 +731,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -810,9 +759,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -829,9 +776,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -848,9 +793,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -892,10 +835,8 @@ pub struct ScrapeConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -910,9 +851,7 @@ pub struct ScrapeConfigAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -976,9 +915,7 @@ pub struct ScrapeConfigAzureSdConfigsClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1009,9 +946,7 @@ pub struct ScrapeConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1029,9 +964,7 @@ pub struct ScrapeConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1072,7 +1005,6 @@ pub struct ScrapeConfigConsulSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -1088,14 +1020,12 @@ pub struct ScrapeConfigConsulSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -1138,10 +1068,8 @@ pub struct ScrapeConfigConsulSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1156,9 +1084,7 @@ pub struct ScrapeConfigConsulSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1190,9 +1116,7 @@ pub struct ScrapeConfigConsulSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1210,9 +1134,7 @@ pub struct ScrapeConfigConsulSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1239,21 +1161,18 @@ pub struct ScrapeConfigConsulSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -1293,9 +1212,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1312,9 +1229,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1332,9 +1247,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1351,9 +1264,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1379,13 +1290,11 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1414,9 +1323,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1433,9 +1340,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1463,9 +1368,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1482,9 +1385,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1501,9 +1402,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1548,9 +1447,7 @@ pub struct ScrapeConfigConsulSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1585,13 +1482,11 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1620,9 +1515,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1639,9 +1532,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1669,9 +1560,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1688,9 +1577,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1707,9 +1594,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1752,9 +1637,7 @@ pub struct ScrapeConfigConsulSdConfigsTokenRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1781,7 +1664,6 @@ pub struct ScrapeConfigDigitalOceanSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -1795,14 +1677,12 @@ pub struct ScrapeConfigDigitalOceanSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -1826,10 +1706,8 @@ pub struct ScrapeConfigDigitalOceanSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1844,9 +1722,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1874,21 +1750,18 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -1928,9 +1801,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1947,9 +1818,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1967,9 +1836,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1986,9 +1853,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2014,13 +1879,11 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2049,9 +1912,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2068,9 +1929,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2098,9 +1957,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2117,9 +1974,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2136,9 +1991,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2183,9 +2036,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2210,13 +2061,11 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2245,9 +2094,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2264,9 +2111,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2294,9 +2139,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2313,9 +2156,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2332,9 +2173,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2386,7 +2225,6 @@ pub struct ScrapeConfigDnsSdConfigs { /// The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. /// If not set, Prometheus uses its default value. /// - /// /// When set to NS, it requires Prometheus >= v2.49.0. /// When set to MX, it requires Prometheus >= v2.38.0 #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] @@ -2436,11 +2274,15 @@ pub struct ScrapeConfigDockerSdConfigs { /// The host to use if the container is in host networking mode. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetworkingHost")] pub host_networking_host: Option, + /// Configure whether to match the first network if the container has multiple networks defined. + /// If unset, Prometheus uses true by default. + /// It requires Prometheus >= v2.54.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFirstNetwork")] + pub match_first_network: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -2454,14 +2296,12 @@ pub struct ScrapeConfigDockerSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -2485,10 +2325,8 @@ pub struct ScrapeConfigDockerSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2503,9 +2341,7 @@ pub struct ScrapeConfigDockerSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2536,9 +2372,7 @@ pub struct ScrapeConfigDockerSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2556,9 +2390,7 @@ pub struct ScrapeConfigDockerSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2595,21 +2427,18 @@ pub struct ScrapeConfigDockerSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -2649,9 +2478,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2668,9 +2495,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2688,9 +2513,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2707,9 +2530,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2735,13 +2556,11 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2770,9 +2589,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2789,9 +2606,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2819,9 +2634,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2838,9 +2651,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2857,9 +2668,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2904,9 +2713,7 @@ pub struct ScrapeConfigDockerSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2931,13 +2738,11 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2966,9 +2771,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2985,9 +2788,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3015,9 +2816,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3034,9 +2833,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3053,9 +2850,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3119,7 +2914,6 @@ pub struct ScrapeConfigDockerSwarmSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -3134,14 +2928,12 @@ pub struct ScrapeConfigDockerSwarmSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -3166,10 +2958,8 @@ pub struct ScrapeConfigDockerSwarmSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -3184,9 +2974,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3217,9 +3005,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3237,9 +3023,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3276,21 +3060,18 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -3330,9 +3111,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3349,9 +3128,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3369,9 +3146,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3388,9 +3163,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3416,13 +3189,11 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3451,9 +3222,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3470,9 +3239,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3500,9 +3267,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3519,9 +3284,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3538,9 +3301,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3585,9 +3346,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3621,13 +3380,11 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3656,9 +3413,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3675,9 +3430,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3705,9 +3458,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3724,9 +3475,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3743,9 +3492,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3784,7 +3531,6 @@ pub enum ScrapeConfigDockerSwarmSdConfigsTlsConfigMinVersion { /// The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config /// -/// /// The EC2 service discovery requires AWS API keys or role ARN for authentication. /// BasicAuth, Authorization and OAuth2 fields are not present on purpose. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3811,7 +3557,6 @@ pub struct ScrapeConfigEc2SdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -3822,14 +3567,12 @@ pub struct ScrapeConfigEc2SdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -3863,9 +3606,7 @@ pub struct ScrapeConfigEc2SdConfigsAccessKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3891,9 +3632,7 @@ pub struct ScrapeConfigEc2SdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3910,9 +3649,7 @@ pub struct ScrapeConfigEc2SdConfigsSecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3938,13 +3675,11 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3973,9 +3708,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3992,9 +3725,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4022,9 +3753,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4041,9 +3770,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4060,9 +3787,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4119,7 +3844,6 @@ pub struct ScrapeConfigEurekaSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -4130,14 +3854,12 @@ pub struct ScrapeConfigEurekaSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -4162,10 +3884,8 @@ pub struct ScrapeConfigEurekaSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -4180,9 +3900,7 @@ pub struct ScrapeConfigEurekaSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4213,9 +3931,7 @@ pub struct ScrapeConfigEurekaSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4233,9 +3949,7 @@ pub struct ScrapeConfigEurekaSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4263,21 +3977,18 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -4317,9 +4028,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4336,9 +4045,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4356,9 +4063,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4375,9 +4080,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4403,13 +4106,11 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -4438,9 +4139,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4457,9 +4156,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4487,9 +4184,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4506,9 +4201,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4525,9 +4218,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4572,9 +4263,7 @@ pub struct ScrapeConfigEurekaSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4599,13 +4288,11 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -4634,9 +4321,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4653,9 +4338,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4683,9 +4366,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4702,9 +4383,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4721,9 +4400,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4776,12 +4453,10 @@ pub struct ScrapeConfigFileSdConfigs { /// the public IP address with relabeling. /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config /// -/// /// The GCE service discovery will load the Google Cloud credentials /// from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. /// See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform /// -/// /// A pre-requisite for using GCESDConfig is that a Secret containing valid /// Google Cloud credentials is mounted into the Prometheus or PrometheusAgent /// pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS @@ -4832,7 +4507,6 @@ pub struct ScrapeConfigHetznerSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -4846,14 +4520,12 @@ pub struct ScrapeConfigHetznerSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -4879,10 +4551,8 @@ pub struct ScrapeConfigHetznerSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -4897,9 +4567,7 @@ pub struct ScrapeConfigHetznerSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4931,9 +4599,7 @@ pub struct ScrapeConfigHetznerSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4951,9 +4617,7 @@ pub struct ScrapeConfigHetznerSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4981,21 +4645,18 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5035,9 +4696,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5054,9 +4713,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5074,9 +4731,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5093,9 +4748,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5121,13 +4774,11 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5156,9 +4807,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5175,9 +4824,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5205,9 +4852,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5224,9 +4869,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5243,9 +4886,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5290,9 +4931,7 @@ pub struct ScrapeConfigHetznerSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5332,13 +4971,11 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5367,9 +5004,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5386,9 +5021,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5416,9 +5049,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5435,9 +5066,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5454,9 +5083,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5505,21 +5132,18 @@ pub struct ScrapeConfigHttpSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5545,10 +5169,8 @@ pub struct ScrapeConfigHttpSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -5563,9 +5185,7 @@ pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5597,9 +5217,7 @@ pub struct ScrapeConfigHttpSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5617,9 +5235,7 @@ pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5636,9 +5252,7 @@ pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5663,13 +5277,11 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5698,9 +5310,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5717,9 +5327,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5747,9 +5355,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5766,9 +5372,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5785,9 +5389,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5858,7 +5460,6 @@ pub struct ScrapeConfigKubernetesSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -5869,14 +5470,12 @@ pub struct ScrapeConfigKubernetesSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5917,10 +5516,8 @@ pub struct ScrapeConfigKubernetesSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -5935,9 +5532,7 @@ pub struct ScrapeConfigKubernetesSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5969,9 +5564,7 @@ pub struct ScrapeConfigKubernetesSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5989,9 +5582,7 @@ pub struct ScrapeConfigKubernetesSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6031,21 +5622,18 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -6085,9 +5673,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6104,9 +5690,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6124,9 +5708,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6143,9 +5725,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6171,13 +5751,11 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6206,9 +5784,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6225,9 +5801,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6255,9 +5829,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6274,9 +5846,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6293,9 +5863,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6340,9 +5908,7 @@ pub struct ScrapeConfigKubernetesSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6406,13 +5972,11 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6441,9 +6005,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6460,9 +6022,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6490,9 +6050,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6509,9 +6067,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6528,9 +6084,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6590,7 +6144,6 @@ pub struct ScrapeConfigKumaSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -6601,14 +6154,12 @@ pub struct ScrapeConfigKumaSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -6633,10 +6184,8 @@ pub struct ScrapeConfigKumaSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -6651,9 +6200,7 @@ pub struct ScrapeConfigKumaSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6684,9 +6231,7 @@ pub struct ScrapeConfigKumaSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6704,9 +6249,7 @@ pub struct ScrapeConfigKumaSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6734,21 +6277,18 @@ pub struct ScrapeConfigKumaSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -6788,9 +6328,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6807,9 +6345,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6827,9 +6363,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6846,9 +6380,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6874,13 +6406,11 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6909,9 +6439,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6928,9 +6456,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6958,9 +6484,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6977,9 +6501,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6996,9 +6518,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7043,9 +6563,7 @@ pub struct ScrapeConfigKumaSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7070,13 +6588,11 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7105,9 +6621,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7124,9 +6638,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7154,9 +6666,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7173,9 +6683,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7192,9 +6700,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7230,7 +6736,6 @@ pub enum ScrapeConfigKumaSdConfigsTlsConfigMinVersion { /// LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config -/// TODO: Need to document that we will not be supporting the `_file` fields. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigLightSailSdConfigs { /// AccessKey is the AWS API key. @@ -7257,7 +6762,6 @@ pub struct ScrapeConfigLightSailSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -7272,14 +6776,12 @@ pub struct ScrapeConfigLightSailSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -7312,9 +6814,7 @@ pub struct ScrapeConfigLightSailSdConfigsAccessKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7331,10 +6831,8 @@ pub struct ScrapeConfigLightSailSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -7349,9 +6847,7 @@ pub struct ScrapeConfigLightSailSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7383,9 +6879,7 @@ pub struct ScrapeConfigLightSailSdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7403,9 +6897,7 @@ pub struct ScrapeConfigLightSailSdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7433,21 +6925,18 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -7487,9 +6976,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7506,9 +6993,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7526,9 +7011,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7545,9 +7028,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7573,13 +7054,11 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7608,9 +7087,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7627,9 +7104,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7657,9 +7132,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7676,9 +7149,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7695,9 +7166,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7742,9 +7211,7 @@ pub struct ScrapeConfigLightSailSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7761,9 +7228,7 @@ pub struct ScrapeConfigLightSailSdConfigsSecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7788,13 +7253,11 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7823,9 +7286,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7842,9 +7303,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7872,9 +7331,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7891,9 +7348,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7910,9 +7365,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7963,7 +7416,6 @@ pub struct ScrapeConfigLinodeSdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -7977,14 +7429,12 @@ pub struct ScrapeConfigLinodeSdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -8013,10 +7463,8 @@ pub struct ScrapeConfigLinodeSdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -8031,9 +7479,7 @@ pub struct ScrapeConfigLinodeSdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8061,21 +7507,18 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -8115,9 +7558,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8134,9 +7575,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8154,9 +7593,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8173,9 +7610,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8201,13 +7636,11 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8236,9 +7669,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8255,9 +7686,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8285,9 +7714,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8304,9 +7731,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8323,9 +7748,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8370,9 +7793,7 @@ pub struct ScrapeConfigLinodeSdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8397,13 +7818,11 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8432,9 +7851,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8451,9 +7868,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8481,9 +7896,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8500,9 +7913,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8519,9 +7930,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8558,23 +7967,19 @@ pub enum ScrapeConfigLinodeSdConfigsTlsConfigMinVersion { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigMetricRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -8584,7 +7989,6 @@ pub struct ScrapeConfigMetricRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -8598,11 +8002,9 @@ pub struct ScrapeConfigMetricRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -8611,7 +8013,6 @@ pub struct ScrapeConfigMetricRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ScrapeConfigMetricRelabelingsAction { @@ -8674,21 +8075,18 @@ pub struct ScrapeConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -8728,9 +8126,7 @@ pub struct ScrapeConfigOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8747,9 +8143,7 @@ pub struct ScrapeConfigOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8767,9 +8161,7 @@ pub struct ScrapeConfigOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8786,9 +8178,7 @@ pub struct ScrapeConfigOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8814,13 +8204,11 @@ pub struct ScrapeConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8849,9 +8237,7 @@ pub struct ScrapeConfigOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8868,9 +8254,7 @@ pub struct ScrapeConfigOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8898,9 +8282,7 @@ pub struct ScrapeConfigOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8917,9 +8299,7 @@ pub struct ScrapeConfigOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8936,9 +8316,7 @@ pub struct ScrapeConfigOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9057,9 +8435,7 @@ pub struct ScrapeConfigOpenstackSdConfigsApplicationCredentialSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9092,9 +8468,7 @@ pub struct ScrapeConfigOpenstackSdConfigsPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9131,13 +8505,11 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -9166,9 +8538,7 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9185,9 +8555,7 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9215,9 +8583,7 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9234,9 +8600,7 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9253,9 +8617,7 @@ pub struct ScrapeConfigOpenstackSdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9321,9 +8683,7 @@ pub struct ScrapeConfigOvhcloudSdConfigsApplicationSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9340,9 +8700,7 @@ pub struct ScrapeConfigOvhcloudSdConfigsConsumerKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9359,9 +8717,7 @@ pub struct ScrapeConfigProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9396,7 +8752,6 @@ pub struct ScrapeConfigPuppetDbsdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -9410,14 +8765,12 @@ pub struct ScrapeConfigPuppetDbsdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -9446,10 +8799,8 @@ pub struct ScrapeConfigPuppetDbsdConfigsAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -9464,9 +8815,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsAuthorizationCredentials { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9498,9 +8847,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9518,9 +8865,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9548,21 +8893,18 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -9602,9 +8944,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2ClientIdConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9621,9 +8961,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9641,9 +8979,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9660,9 +8996,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2ProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9688,13 +9022,11 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -9723,9 +9055,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2TlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9742,9 +9072,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2TlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9772,9 +9100,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2TlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9791,9 +9117,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2TlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9810,9 +9134,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsOauth2TlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9857,9 +9179,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9884,13 +9204,11 @@ pub struct ScrapeConfigPuppetDbsdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -9919,9 +9237,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9938,9 +9254,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9968,9 +9282,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9987,9 +9299,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10006,9 +9316,7 @@ pub struct ScrapeConfigPuppetDbsdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10045,23 +9353,19 @@ pub enum ScrapeConfigPuppetDbsdConfigsTlsConfigMinVersion { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigRelabelings { /// Action to perform based on the regex matching. /// - /// /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. /// - /// /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. /// - /// /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, @@ -10071,7 +9375,6 @@ pub struct ScrapeConfigRelabelings { /// Replacement value against which a Replace action is performed if the /// regular expression matches. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, @@ -10085,11 +9388,9 @@ pub struct ScrapeConfigRelabelings { pub source_labels: Option>, /// Label to which the resulting string is written in a replacement. /// - /// /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, /// `KeepEqual` and `DropEqual` actions. /// - /// /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, @@ -10098,7 +9399,6 @@ pub struct ScrapeConfigRelabelings { /// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, /// scraped samples and remote write samples. /// -/// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ScrapeConfigRelabelingsAction { @@ -10144,7 +9444,6 @@ pub enum ScrapeConfigRelabelingsAction { /// ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config -/// TODO: Need to document that we will not be supporting the `_file` fields. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ScrapeConfigScalewaySdConfigs { /// Access key to use. https://console.scaleway.com/project/credentials @@ -10166,7 +9465,6 @@ pub struct ScrapeConfigScalewaySdConfigs { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, @@ -10179,14 +9477,12 @@ pub struct ScrapeConfigScalewaySdConfigs { /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -10221,9 +9517,7 @@ pub struct ScrapeConfigScalewaySdConfigsProxyConnectHeader { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10233,7 +9527,6 @@ pub struct ScrapeConfigScalewaySdConfigsProxyConnectHeader { /// ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config -/// TODO: Need to document that we will not be supporting the `_file` fields. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ScrapeConfigScalewaySdConfigsRole { Instance, @@ -10249,9 +9542,7 @@ pub struct ScrapeConfigScalewaySdConfigsSecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10276,13 +9567,11 @@ pub struct ScrapeConfigScalewaySdConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -10311,9 +9600,7 @@ pub struct ScrapeConfigScalewaySdConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -10330,9 +9617,7 @@ pub struct ScrapeConfigScalewaySdConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10360,9 +9645,7 @@ pub struct ScrapeConfigScalewaySdConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -10379,9 +9662,7 @@ pub struct ScrapeConfigScalewaySdConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10398,9 +9679,7 @@ pub struct ScrapeConfigScalewaySdConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10472,13 +9751,11 @@ pub struct ScrapeConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -10507,9 +9784,7 @@ pub struct ScrapeConfigTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -10526,9 +9801,7 @@ pub struct ScrapeConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10556,9 +9829,7 @@ pub struct ScrapeConfigTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -10575,9 +9846,7 @@ pub struct ScrapeConfigTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10594,9 +9863,7 @@ pub struct ScrapeConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs index f53d3a086..cc87789b7 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs @@ -167,8 +167,8 @@ pub struct AlertmanagerConfigReceiversDiscordConfigs { /// The secret's key that contains the Discord webhook URL. /// The secret needs to be in the same namespace as the AlertmanagerConfig /// object and accessible by the Prometheus Operator. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiURL")] - pub api_url: Option, + #[serde(rename = "apiURL")] + pub api_url: AlertmanagerConfigReceiversDiscordConfigsApiUrl, /// HTTP client configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpConfig")] pub http_config: Option, @@ -194,9 +194,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsApiUrl { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -244,10 +242,8 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -262,9 +258,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigAuthorizationCrede /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -296,9 +290,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -316,9 +308,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -357,21 +347,18 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -411,9 +398,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ClientIdConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -430,9 +415,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ClientIdSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -450,9 +433,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -469,9 +450,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2ProxyConnect /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -497,13 +476,11 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -532,9 +509,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCaC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -551,9 +526,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCaS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -581,9 +554,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -600,9 +571,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -619,9 +588,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigOauth2TlsConfigKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -674,13 +641,11 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -709,9 +674,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCaConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -728,9 +691,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -758,9 +719,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCertConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -777,9 +736,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigCertSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -796,9 +753,7 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -933,13 +888,11 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -968,9 +921,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -987,9 +938,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1017,9 +966,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCertConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1036,9 +983,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1055,9 +1000,7 @@ pub struct AlertmanagerConfigReceiversEmailConfigsTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1156,10 +1099,8 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1174,9 +1115,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigAuthorizationCrede /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1208,9 +1147,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1228,9 +1165,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1269,21 +1204,18 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -1323,9 +1255,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ClientIdConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1342,9 +1272,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ClientIdSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1362,9 +1290,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1381,9 +1307,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2ProxyConnect /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1409,13 +1333,11 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1444,9 +1366,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCaC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1463,9 +1383,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCaS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1493,9 +1411,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1512,9 +1428,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1531,9 +1445,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigOauth2TlsConfigKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1586,13 +1498,11 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -1621,9 +1531,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCaConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1640,9 +1548,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1670,9 +1576,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCertConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1689,9 +1593,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigCertSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1708,9 +1610,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1753,9 +1653,7 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsWebhookUrl { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1873,10 +1771,8 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1891,9 +1787,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigAuthorizationCred /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1925,9 +1819,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1945,9 +1837,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1986,21 +1876,18 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -2040,9 +1927,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ClientIdCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2059,9 +1944,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ClientIdSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2079,9 +1962,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ClientSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2098,9 +1979,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2ProxyConnec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2126,13 +2005,11 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2161,9 +2038,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2180,9 +2055,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2210,9 +2083,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2229,9 +2100,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2248,9 +2117,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigOauth2TlsConfigKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2303,13 +2170,11 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2338,9 +2203,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCaConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2357,9 +2220,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2387,9 +2248,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCertConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2406,9 +2265,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigCertSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2425,9 +2282,7 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfigTlsConfigKeySecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2605,10 +2460,8 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2623,9 +2476,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigAuthorizationCre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2657,9 +2508,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigBasicAuthPasswor /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2677,9 +2526,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigBasicAuthUsernam /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2718,21 +2565,18 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -2772,9 +2616,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ClientIdCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2791,9 +2633,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ClientIdSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2811,9 +2651,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ClientSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2830,9 +2668,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2ProxyConne /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2858,13 +2694,11 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfig pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -2893,9 +2727,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2912,9 +2744,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2942,9 +2772,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2961,9 +2789,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2980,9 +2806,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigOauth2TlsConfigK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3035,13 +2859,11 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3070,9 +2892,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCaConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3089,9 +2909,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCaSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3119,9 +2937,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCertCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3138,9 +2954,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigCertSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3157,9 +2971,7 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfigTlsConfigKeySecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3352,10 +3164,8 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -3370,9 +3180,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigAuthorizationCred /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3404,9 +3212,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3424,9 +3230,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3465,21 +3269,18 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -3519,9 +3320,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ClientIdCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3538,9 +3337,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ClientIdSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3558,9 +3355,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ClientSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3577,9 +3372,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2ProxyConnec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3605,13 +3398,11 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3640,9 +3431,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3659,9 +3448,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3689,9 +3476,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3708,9 +3493,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3727,9 +3510,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigOauth2TlsConfigKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3782,13 +3563,11 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -3817,9 +3596,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCaConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3836,9 +3613,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3866,9 +3641,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCertConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3885,9 +3658,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigCertSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3904,9 +3675,7 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfigTlsConfigKeySecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4127,10 +3896,8 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -4145,9 +3912,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigAuthorizationCredent /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4179,9 +3944,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4199,9 +3962,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4240,21 +4001,18 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -4294,9 +4052,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ClientIdConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4313,9 +4069,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ClientIdSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4333,9 +4087,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4352,9 +4104,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2ProxyConnectHe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4380,13 +4130,11 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -4415,9 +4163,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCaCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4434,9 +4180,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCaSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4464,9 +4208,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCertC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4483,9 +4225,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigCertS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4502,9 +4242,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigOauth2TlsConfigKeySe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4557,13 +4295,11 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -4592,9 +4328,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCaConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4611,9 +4345,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4641,9 +4373,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCertConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4660,9 +4390,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigCertSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4679,9 +4407,7 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4795,10 +4521,8 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -4813,9 +4537,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigAuthorizationCredentia /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4847,9 +4569,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4867,9 +4587,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4908,21 +4626,18 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -4962,9 +4677,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ClientIdConfigMa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4981,9 +4694,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ClientIdSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5001,9 +4712,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5020,9 +4729,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2ProxyConnectHead /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5048,13 +4755,11 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5083,9 +4788,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCaConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5102,9 +4805,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCaSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5132,9 +4833,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCertCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5151,9 +4850,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigCertSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5170,9 +4867,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigOauth2TlsConfigKeySecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5225,13 +4920,11 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5260,9 +4953,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCaConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5279,9 +4970,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5309,9 +4998,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCertConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5328,9 +5015,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5347,9 +5032,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5415,9 +5098,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsSigv4AccessKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5435,9 +5116,7 @@ pub struct AlertmanagerConfigReceiversSnsConfigsSigv4SecretKey { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5457,20 +5136,18 @@ pub struct AlertmanagerConfigReceiversTelegramConfigs { /// The secret needs to be in the same namespace as the AlertmanagerConfig /// object and accessible by the Prometheus Operator. /// - /// /// Either `botToken` or `botTokenFile` is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "botToken")] pub bot_token: Option, /// File to read the Telegram bot token from. It is mutually exclusive with `botToken`. /// Either `botToken` or `botTokenFile` is required. /// - /// /// It requires Alertmanager >= v0.26.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "botTokenFile")] pub bot_token_file: Option, /// The Telegram chat ID. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "chatID")] - pub chat_id: Option, + #[serde(rename = "chatID")] + pub chat_id: i64, /// Disable telegram notifications #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableNotifications")] pub disable_notifications: Option, @@ -5492,7 +5169,6 @@ pub struct AlertmanagerConfigReceiversTelegramConfigs { /// The secret needs to be in the same namespace as the AlertmanagerConfig /// object and accessible by the Prometheus Operator. /// -/// /// Either `botToken` or `botTokenFile` is required. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerConfigReceiversTelegramConfigsBotToken { @@ -5542,10 +5218,8 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -5560,9 +5234,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigAuthorizationCred /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5594,9 +5266,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5614,9 +5284,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5655,21 +5323,18 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -5709,9 +5374,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ClientIdCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5728,9 +5391,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ClientIdSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5748,9 +5409,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ClientSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5767,9 +5426,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2ProxyConnec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5795,13 +5452,11 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -5830,9 +5485,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5849,9 +5502,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5879,9 +5530,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -5898,9 +5547,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigCe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5917,9 +5564,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigOauth2TlsConfigKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -5972,13 +5617,11 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6007,9 +5650,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCaConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6026,9 +5667,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6056,9 +5695,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCertConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6075,9 +5712,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigCertSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6094,9 +5729,7 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfigTlsConfigKeySecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6238,10 +5871,8 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -6256,9 +5887,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigAuthorizationCre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6290,9 +5919,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigBasicAuthPasswor /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6310,9 +5937,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigBasicAuthUsernam /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6351,21 +5976,18 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -6405,9 +6027,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ClientIdCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6424,9 +6044,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ClientIdSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6444,9 +6062,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ClientSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6463,9 +6079,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2ProxyConne /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6491,13 +6105,11 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfig pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6526,9 +6138,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6545,9 +6155,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6575,9 +6183,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6594,9 +6200,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6613,9 +6217,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigOauth2TlsConfigK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6668,13 +6270,11 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -6703,9 +6303,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCaConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6722,9 +6320,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCaSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6752,9 +6348,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCertCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6771,9 +6365,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigCertSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6790,9 +6382,7 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfigTlsConfigKeySecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6889,10 +6479,8 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -6907,9 +6495,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigAuthorizationCredent /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6941,9 +6527,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6961,9 +6545,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7002,21 +6584,18 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -7056,9 +6635,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ClientIdConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7075,9 +6652,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ClientIdSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7095,9 +6670,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ClientSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7114,9 +6687,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2ProxyConnectHe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7142,13 +6713,11 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7177,9 +6746,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCaCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7196,9 +6763,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCaSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7226,9 +6791,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCertC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7245,9 +6808,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigCertS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7264,9 +6825,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigOauth2TlsConfigKeySe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7319,13 +6878,11 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7354,9 +6911,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCaConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7373,9 +6928,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7403,9 +6956,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCertConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7422,9 +6973,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigCertSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7441,9 +6990,7 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfigTlsConfigKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7543,10 +7090,8 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -7561,9 +7106,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigAuthorizationCrede /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7595,9 +7138,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigBasicAuthPassword /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7615,9 +7156,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigBasicAuthUsername /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7656,21 +7195,18 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -7710,9 +7246,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ClientIdConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7729,9 +7263,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ClientIdSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7749,9 +7281,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7768,9 +7298,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2ProxyConnect /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7796,13 +7324,11 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -7831,9 +7357,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCaC /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7850,9 +7374,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCaS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7880,9 +7402,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7899,9 +7419,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigCer /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7918,9 +7436,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigOauth2TlsConfigKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7973,13 +7489,11 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8008,9 +7522,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCaConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8027,9 +7539,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCaSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8057,9 +7567,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCertConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8076,9 +7584,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigCertSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8095,9 +7601,7 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8231,10 +7735,8 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigAuthorization { pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// - /// /// "Basic" is not a supported value. /// - /// /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -8249,9 +7751,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigAuthorizationCreden /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8283,9 +7783,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigBasicAuthPassword { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8303,9 +7801,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigBasicAuthUsername { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8344,21 +7840,18 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2 { /// that should be excluded from proxying. IP and domain names can /// contain port numbers. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// - /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, @@ -8398,9 +7891,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ClientIdConfi /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8417,9 +7908,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ClientIdSecre /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8437,9 +7926,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ClientSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8456,9 +7943,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2ProxyConnectH /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8484,13 +7969,11 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8519,9 +8002,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCaCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8538,9 +8019,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCaSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8568,9 +8047,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCert /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8587,9 +8064,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigCert /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8606,9 +8081,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigOauth2TlsConfigKeyS /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8661,13 +8134,11 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfig { pub key_secret: Option, /// Maximum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] pub max_version: Option, /// Minimum acceptable TLS version. /// - /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] pub min_version: Option, @@ -8696,9 +8167,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCaConfigMa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8715,9 +8184,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCaSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8745,9 +8212,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCertConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8764,9 +8229,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigCertSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8783,9 +8246,7 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfigTlsConfigKeySecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -8909,8 +8370,7 @@ pub enum AlertmanagerConfigRouteMatchersMatchType { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AlertmanagerConfigTimeIntervals { /// Name of the time interval. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// TimeIntervals is a list of TimePeriod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeIntervals")] pub time_intervals: Option>, diff --git a/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/instrumentations.rs b/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/instrumentations.rs index c68757b4b..f031eeac9 100644 --- a/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/instrumentations.rs +++ b/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/instrumentations.rs @@ -187,6 +187,8 @@ pub struct InstrumentationApacheHttpdResourceRequirements { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstrumentationApacheHttpdResourceRequirementsClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -270,6 +272,8 @@ pub struct InstrumentationDotnetResourceRequirements { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstrumentationDotnetResourceRequirementsClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -415,6 +419,8 @@ pub struct InstrumentationGoResourceRequirements { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstrumentationGoResourceRequirementsClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -506,6 +512,8 @@ pub struct InstrumentationJavaResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstrumentationJavaResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -649,6 +657,8 @@ pub struct InstrumentationNginxResourceRequirements { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstrumentationNginxResourceRequirementsClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -732,6 +742,8 @@ pub struct InstrumentationNodejsResourceRequirements { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstrumentationNodejsResourceRequirementsClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -815,6 +827,8 @@ pub struct InstrumentationPythonResourceRequirements { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstrumentationPythonResourceRequirementsClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opampbridges.rs b/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opampbridges.rs index c29eb2a9c..3b35011ca 100644 --- a/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opampbridges.rs +++ b/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opampbridges.rs @@ -493,6 +493,8 @@ pub struct OpAMPBridgePodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -573,6 +575,8 @@ pub struct OpAMPBridgeResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpAMPBridgeResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -763,6 +767,8 @@ pub struct OpAMPBridgeVolumes { #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, pub name: String, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1117,6 +1123,14 @@ pub struct OpAMPBridgeVolumesHostPath { pub r#type: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpAMPBridgeVolumesImage { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpAMPBridgeVolumesIscsi { #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] diff --git a/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opentelemetrycollectors.rs b/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opentelemetrycollectors.rs index 6ddc111ed..b1e62da51 100644 --- a/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opentelemetrycollectors.rs +++ b/kube-custom-resources-rs/src/opentelemetry_io/v1alpha1/opentelemetrycollectors.rs @@ -12,12 +12,11 @@ mod prelude { } use self::prelude::*; -#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq)] #[kube(group = "opentelemetry.io", version = "v1alpha1", kind = "OpenTelemetryCollector", plural = "opentelemetrycollectors")] #[kube(namespaced)] #[kube(status = "OpenTelemetryCollectorStatus")] #[kube(schema = "disabled")] -#[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct OpenTelemetryCollectorSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalContainers")] @@ -28,8 +27,7 @@ pub struct OpenTelemetryCollectorSpec { pub args: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub autoscaler: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub config: Option, + pub config: String, #[serde(default, skip_serializing_if = "Option::is_none")] pub configmaps: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "deploymentUpdateStrategy")] @@ -52,8 +50,8 @@ pub struct OpenTelemetryCollectorSpec { pub lifecycle: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "livenessProbe")] pub liveness_probe: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "managementState")] - pub management_state: Option, + #[serde(rename = "managementState")] + pub management_state: OpenTelemetryCollectorManagementState, #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxReplicas")] pub max_replicas: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReplicas")] @@ -504,6 +502,8 @@ pub struct OpenTelemetryCollectorAdditionalContainersResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorAdditionalContainersResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1644,6 +1644,8 @@ pub struct OpenTelemetryCollectorInitContainersResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorInitContainersResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1993,6 +1995,8 @@ pub struct OpenTelemetryCollectorPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -2075,6 +2079,8 @@ pub struct OpenTelemetryCollectorResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2599,6 +2605,8 @@ pub struct OpenTelemetryCollectorTargetAllocatorPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -2676,6 +2684,8 @@ pub struct OpenTelemetryCollectorTargetAllocatorResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorTargetAllocatorResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3051,6 +3061,8 @@ pub struct OpenTelemetryCollectorVolumes { #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, pub name: String, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3405,6 +3417,14 @@ pub struct OpenTelemetryCollectorVolumesHostPath { pub r#type: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpenTelemetryCollectorVolumesImage { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorVolumesIscsi { #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] diff --git a/kube-custom-resources-rs/src/opentelemetry_io/v1beta1/opentelemetrycollectors.rs b/kube-custom-resources-rs/src/opentelemetry_io/v1beta1/opentelemetrycollectors.rs index 830a292af..876535bd9 100644 --- a/kube-custom-resources-rs/src/opentelemetry_io/v1beta1/opentelemetrycollectors.rs +++ b/kube-custom-resources-rs/src/opentelemetry_io/v1beta1/opentelemetrycollectors.rs @@ -12,12 +12,11 @@ mod prelude { } use self::prelude::*; -#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq)] #[kube(group = "opentelemetry.io", version = "v1beta1", kind = "OpenTelemetryCollector", plural = "opentelemetrycollectors")] #[kube(namespaced)] #[kube(status = "OpenTelemetryCollectorStatus")] #[kube(schema = "disabled")] -#[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct OpenTelemetryCollectorSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalContainers")] @@ -59,8 +58,8 @@ pub struct OpenTelemetryCollectorSpec { pub lifecycle: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "livenessProbe")] pub liveness_probe: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "managementState")] - pub management_state: Option, + #[serde(rename = "managementState")] + pub management_state: OpenTelemetryCollectorManagementState, #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] @@ -509,6 +508,8 @@ pub struct OpenTelemetryCollectorAdditionalContainersResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorAdditionalContainersResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1697,6 +1698,8 @@ pub struct OpenTelemetryCollectorInitContainersResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorInitContainersResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2064,6 +2067,8 @@ pub struct OpenTelemetryCollectorPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -2162,6 +2167,8 @@ pub struct OpenTelemetryCollectorResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2694,6 +2701,8 @@ pub struct OpenTelemetryCollectorTargetAllocatorPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -2803,6 +2812,8 @@ pub struct OpenTelemetryCollectorTargetAllocatorResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorTargetAllocatorResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3162,6 +3173,8 @@ pub struct OpenTelemetryCollectorVolumes { #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, pub name: String, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3516,6 +3529,14 @@ pub struct OpenTelemetryCollectorVolumesHostPath { pub r#type: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OpenTelemetryCollectorVolumesImage { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OpenTelemetryCollectorVolumesIscsi { #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] diff --git a/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs b/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs index 59bc0477d..581cce7ca 100644 --- a/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs +++ b/kube-custom-resources-rs/src/org_eclipse_che/v2/checlusters.rs @@ -1119,6 +1119,11 @@ pub struct CheClusterDevEnvironments { /// ImagePullPolicy defines the imagePullPolicy used for containers in a DevWorkspace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, + /// The maximum number of concurrently running workspaces across the entire Kubernetes cluster. + /// This applies to all users in the system. If the value is set to -1, it means there is + /// no limit on the number of running workspaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxNumberOfRunningWorkspacesPerCluster")] + pub max_number_of_running_workspaces_per_cluster: Option, /// The maximum number of running workspaces per user. /// The value, -1, allows users to run an unlimited number of workspaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxNumberOfRunningWorkspacesPerUser")] diff --git a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs index 2b223cd26..372871c6d 100644 --- a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs +++ b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs @@ -145,6 +145,9 @@ pub struct PostgresClusterSpec { pub struct PostgresClusterBackups { /// pgBackRest archive configuration pub pgbackrest: PostgresClusterBackupsPgbackrest, + /// VolumeSnapshot configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub snapshots: Option, } /// pgBackRest archive configuration @@ -3483,6 +3486,14 @@ pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrestConfigResourcesClai pub name: String, } +/// VolumeSnapshot configuration +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsSnapshots { + /// Name of the VolumeSnapshotClass that should be used by VolumeSnapshots + #[serde(rename = "volumeSnapshotClassName")] + pub volume_snapshot_class_name: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterConfig { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlbackups.rs b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlbackups.rs index 3675890ce..1bbc0ddc2 100644 --- a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlbackups.rs +++ b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlbackups.rs @@ -504,6 +504,8 @@ pub struct PerconaServerMySQLBackupStatusStoragePodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -569,6 +571,8 @@ pub struct PerconaServerMySQLBackupStatusStorageResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLBackupStatusStorageResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlrestores.rs b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlrestores.rs index 9f2c826f2..687692e84 100644 --- a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlrestores.rs +++ b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqlrestores.rs @@ -506,6 +506,8 @@ pub struct PerconaServerMySQLRestoreBackupSourceStoragePodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -571,6 +573,8 @@ pub struct PerconaServerMySQLRestoreBackupSourceStorageResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLRestoreBackupSourceStorageResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs index 07e616452..df764ee7f 100644 --- a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs +++ b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs @@ -794,6 +794,8 @@ pub struct PerconaServerMySQLBackupPitrBinlogServerPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -922,6 +924,8 @@ pub struct PerconaServerMySQLBackupPitrBinlogServerResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLBackupPitrBinlogServerResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1160,18 +1164,18 @@ pub struct PerconaServerMySQLBackupResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLBackupResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLBackupSchedule { #[serde(default, skip_serializing_if = "Option::is_none")] pub keep: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub schedule: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageName")] - pub storage_name: Option, + pub name: String, + pub schedule: String, + #[serde(rename = "storageName")] + pub storage_name: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -1637,6 +1641,8 @@ pub struct PerconaServerMySQLBackupStoragesPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -1702,6 +1708,8 @@ pub struct PerconaServerMySQLBackupStoragesResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLBackupStoragesResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2500,6 +2508,8 @@ pub struct PerconaServerMySQLMysqlPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -2628,6 +2638,8 @@ pub struct PerconaServerMySQLMysqlResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLMysqlResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2737,6 +2749,8 @@ pub struct PerconaServerMySQLMysqlSidecarVolumes { #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, pub name: String, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -3081,6 +3095,14 @@ pub struct PerconaServerMySQLMysqlSidecarVolumesHostPath { pub r#type: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaServerMySQLMysqlSidecarVolumesImage { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLMysqlSidecarVolumesIscsi { #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] @@ -3793,6 +3815,8 @@ pub struct PerconaServerMySQLMysqlSidecarsResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLMysqlSidecarsResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -4792,6 +4816,8 @@ pub struct PerconaServerMySQLOrchestratorPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -4920,6 +4946,8 @@ pub struct PerconaServerMySQLOrchestratorResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLOrchestratorResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5232,6 +5260,8 @@ pub struct PerconaServerMySQLPmmResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLPmmResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5874,6 +5904,8 @@ pub struct PerconaServerMySQLProxyHaproxyPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -6002,6 +6034,8 @@ pub struct PerconaServerMySQLProxyHaproxyResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLProxyHaproxyResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6838,6 +6872,8 @@ pub struct PerconaServerMySQLProxyRouterPodSecurityContext { pub seccomp_profile: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub sysctls: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] @@ -6966,6 +7002,8 @@ pub struct PerconaServerMySQLProxyRouterResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLProxyRouterResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -7513,6 +7551,8 @@ pub struct PerconaServerMySQLToolkitResources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLToolkitResourcesClaims { pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs b/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs index 320903e4e..04bb9aa49 100644 --- a/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs +++ b/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs @@ -36,7 +36,7 @@ pub struct ScyllaClusterSpec { /// backups specifies backup tasks in Scylla Manager. When Scylla Manager is not installed, these will be ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub backups: Option>, - /// cpuset determines if the cluster will use cpu-pinning for max performance. + /// cpuset determines if the cluster will use cpu-pinning. Deprecated: `cpuset` is deprecated and may be ignored in the future. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpuset: Option, /// datacenter holds a specification of a datacenter. diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs index 750706cf1..04725cd1f 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs @@ -86,7 +86,7 @@ pub struct BucketSpec { /// Bucket provider. /// /// - /// This field is only supported for the `aws` provider. + /// This field is only supported for the `aws` and `generic` providers. #[serde(default, skip_serializing_if = "Option::is_none")] pub sts: Option, /// Suspend tells the controller to suspend the reconciliation of this @@ -178,14 +178,61 @@ pub struct BucketSecretRef { /// Bucket provider. /// /// -/// This field is only supported for the `aws` provider. +/// This field is only supported for the `aws` and `generic` providers. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct BucketSts { + /// CertSecretRef can be given the name of a Secret containing + /// either or both of + /// + /// + /// - a PEM-encoded client certificate (`tls.crt`) and private + /// key (`tls.key`); + /// - a PEM-encoded CA certificate (`ca.crt`) + /// + /// + /// and whichever are supplied, will be used for connecting to the + /// STS endpoint. The client cert and key are useful if you are + /// authenticating with a certificate; the CA cert is useful if + /// you are using a self-signed server certificate. The Secret must + /// be of type `Opaque` or `kubernetes.io/tls`. + /// + /// + /// This field is only supported for the `ldap` provider. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] + pub cert_secret_ref: Option, /// Endpoint is the HTTP/S endpoint of the Security Token Service from /// where temporary credentials will be fetched. pub endpoint: String, /// Provider of the Security Token Service. pub provider: BucketStsProvider, + /// SecretRef specifies the Secret containing authentication credentials + /// for the STS endpoint. This Secret must contain the fields `username` + /// and `password` and is supported only for the `ldap` provider. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// CertSecretRef can be given the name of a Secret containing +/// either or both of +/// +/// +/// - a PEM-encoded client certificate (`tls.crt`) and private +/// key (`tls.key`); +/// - a PEM-encoded CA certificate (`ca.crt`) +/// +/// +/// and whichever are supplied, will be used for connecting to the +/// STS endpoint. The client cert and key are useful if you are +/// authenticating with a certificate; the CA cert is useful if +/// you are using a self-signed server certificate. The Secret must +/// be of type `Opaque` or `kubernetes.io/tls`. +/// +/// +/// This field is only supported for the `ldap` provider. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketStsCertSecretRef { + /// Name of the referent. + pub name: String, } /// STS specifies the required configuration to use a Security Token @@ -193,11 +240,22 @@ pub struct BucketSts { /// Bucket provider. /// /// -/// This field is only supported for the `aws` provider. +/// This field is only supported for the `aws` and `generic` providers. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum BucketStsProvider { #[serde(rename = "aws")] Aws, + #[serde(rename = "ldap")] + Ldap, +} + +/// SecretRef specifies the Secret containing authentication credentials +/// for the STS endpoint. This Secret must contain the fields `username` +/// and `password` and is supported only for the `ldap` provider. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketStsSecretRef { + /// Name of the referent. + pub name: String, } /// BucketStatus records the observed state of a Bucket. diff --git a/kube-custom-resources-rs/src/wildfly_org/v1alpha1/wildflyservers.rs b/kube-custom-resources-rs/src/wildfly_org/v1alpha1/wildflyservers.rs index 2e872be2a..cd4f809e7 100644 --- a/kube-custom-resources-rs/src/wildfly_org/v1alpha1/wildflyservers.rs +++ b/kube-custom-resources-rs/src/wildfly_org/v1alpha1/wildflyservers.rs @@ -247,7 +247,7 @@ pub struct WildFlyServerLivenessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct WildFlyServerLivenessProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -309,7 +309,7 @@ pub struct WildFlyServerReadinessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct WildFlyServerReadinessProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -486,7 +486,7 @@ pub struct WildFlyServerStartupProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct WildFlyServerStartupProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String,